1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Critical flaws in ImageMagick library expose websites to hacking

Discussion in 'Network World' started by RSS, May 4, 2016.

  1. RSS

    RSS New Member Member

    A tool used by millions of websites to process images has several critical vulnerabilities that could allow attackers to compromise Web servers. To make things worse, there's no official patch yet and exploits are already available.

    The vulnerabilities were discovered by Nikolay Ermishkin from the Mail.Ru security team and were reported to the ImageMagick developers who attempted a fix in version 6.9.3-9, released on April 30. However, the fix is incomplete and the vulnerabilities can still be exploited.

    Furthermore, there is evidence that people aside from security researchers and ImageMagick developers know about the flaws, which is why their existence was publicly disclosed Tuesday. The flaws can be exploited by uploading specially crafted images to Web applications that rely on ImageMagick to process them.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page