ImageMagick vulnerabilities place countless websites at risk, active exploitation confirmed

Discussion in 'CSO' started by RSS, May 3, 2016.

  1. RSS

    Tuesday afternoon, Slack security engineer Ryan Huber posted a brief warning on Medium surrounding vulnerabilities in ImageMagick, an image manipulation suite installed on millions of web servers.

    These flaws, which are being actively exploited by criminals, leave websites vulnerable to a complete takeover.

    "There is some irony in disclosing vulnerabilities affecting an image processing package and not giving them logos, but here we are…," Huber wrote, softening the blow some.

    Humor aside, the issue is serious. Millions of web servers have ImageMagick compiled along with PHP, but the vulnerability is also present on servers where the library is compiled with Ruby (rmagick and paperclip) and NodeJS's ImageMagick.
