A serious vulnerability in ImageMagick, a popular software library for processing graphics, leaves a large number of websites vulnerable and at risk of being hacked. If a website allows users to upload an image and processes it with ImageMagick, an attacker can, at worst, run arbitrary code on the web server.
Several plug-ins for image processing depend on the ImageMagick library, such as PHP's imagick, Ruby's RMagick and paperclip, and NodeJS's imagemagick. The vulnerability has been named "ImageTragick" and was discovered by security researcher Nikolay Ermishkin. According to researcher Ryan Huber, it is easy to abuse, and exploits for it will appear in the short term.
The prediction Huber made yesterday evening turned out to be correct, because such exploits have now been published. The developers of ImageMagick have made a solution available that prevents the attack: in this case, administrators should add a few lines of code to a file used by ImageMagick. A security update will be released this weekend.
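One way to verify that the workaround is in place on a server, as an added example that is not from the original article or from the ImageMagick project. It assumes the file in question is ImageMagick's `policy.xml` and that the lines to add disable the five coders named in the developers' published workaround; neither detail is stated on this page, and both sample policies are constructed.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Assumption: coder names from the ImageMagick developers' published
# workaround, not from this article.
RISKY_CODERS = ("EPHEMERAL", "URL", "HTTPS", "MVG", "MSL")

# Constructed sample: only one of the five coders is disabled.
WEAK_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="MVG"/>
</policymap>"""

# Constructed sample: the full workaround.
HARDENED_POLICY = "<policymap>\n" + "".join(
    '  <policy domain="coder" rights="none" pattern="%s"/>\n' % c
    for c in RISKY_CODERS
) + "</policymap>"


def unrestricted_coders(policy_xml):
    """Return the risky coders that no rights="none" coder policy covers."""
    root = ET.fromstring(policy_xml)
    blocked_patterns = []
    for policy in root.iter("policy"):
        if policy.get("domain", "").lower() != "coder":
            continue
        if policy.get("rights", "").lower() != "none":
            continue
        blocked_patterns.append(policy.get("pattern", "").upper())
    # Patterns are globs, so "*" covers every coder. Brace lists such as
    # "{MVG,MSL}" are not expanded here and are reported as missing.
    return [
        coder for coder in RISKY_CODERS
        if not any(fnmatch.fnmatchcase(coder, p) for p in blocked_patterns)
    ]


if __name__ == "__main__":
    for name, text in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        missing = unrestricted_coders(text)
        print(name, "-> still enabled:", ", ".join(missing) or "none")
```

To audit a real host, pass the contents of the installed policy file to `unrestricted_coders`; any name it returns is a coder the workaround has not disabled.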