Popular Image Processing Software Might Be Carrying Hidden Malicious Code
A large number of websites have been left vulnerable to a simple attack. The attack lets hackers hide malicious code inside booby-trapped images.
The flaw is thought to be in ImageMagick, a widely used image processing library that is supported by PHP, Ruby, NodeJS, Python, and many other languages. Most social media and blogging sites rely on ImageMagick in particular, and a host of content management systems depend on it directly or indirectly. The library is used to resize images uploaded by end users.
Ryan Huber, a developer and security researcher, believes ImageMagick has a flaw that allows malformed images to force a web server to execute code chosen by a hacker. Any website that uses ImageMagick and allows its users to upload images is reportedly at risk of attacks that have the potential to cripple its security.
Huber mentioned in a blog post that the attack was so simple that he expected it to surface within a few hours of his post. He also noted that the new exploit might be in the hands of numerous people other than just the creator of the flaw, which would make the problem very critical for all parties involved and for everyone who uses the software.
The ImageMagick maintainers have admitted that there may be critical flaws in the software that allow remote code execution. The team has not released any security patches, but it urges website administrators to add protections of their own to block some of the possible exploits. This might be achieved by adding a few lines to the configuration files. Huber also advised sites to check that every uploaded image file has the expected magic bytes for its file type. If these security measures cannot be implemented, he suggests that administrators temporarily suspend image uploads.
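One way to implement the magic-byte check Huber describes, shown here as an added example rather than code from Huber or the ImageMagick project. The function names, the three-format allowlist and the sample uploads are assumptions made for illustration.

```python
"""Added example: reject uploads whose leading bytes do not match the claimed image type."""
from pathlib import PurePath

# Well-known file signatures (magic bytes) for common raster formats.
SIGNATURES = {
    "jpeg": [b"\xff\xd8\xff"],
    "png": [b"\x89PNG\r\n\x1a\n"],
    "gif": [b"GIF87a", b"GIF89a"],
}
# Extensions accepted for each format; anything else is refused outright.
EXTENSIONS = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif"}


def sniff_format(data: bytes):
    """Return the format whose signature starts the data, or None."""
    for fmt, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return fmt
    return None


def check_upload(filename: str, data: bytes):
    """Return (accepted, reason). Call before the bytes reach the image library."""
    claimed = EXTENSIONS.get(PurePath(filename).suffix.lower())
    if claimed is None:
        return False, "extension not on the allowlist"
    actual = sniff_format(data)
    if actual is None:
        return False, "no known image signature"
    if actual != claimed:
        return False, f"extension says {claimed}, content is {actual}"
    return True, "ok"


# Constructed sample uploads (hypothetical, not taken from any real incident).
SAMPLES = [
    ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    ("avatar.jpg", b'<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg"/>'),
    ("banner.gif", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ("script.svg", b"GIF89a" + b"\x00" * 16),
]

if __name__ == "__main__":
    for name, body in SAMPLES:
        print(name, check_upload(name, body))
```

A matching signature only shows that the file starts like the type it claims to be, so this is a pre-filter in front of the image library and not a substitute for the configuration change the maintainers recommend.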
Nikolay Ermishkin, a security researcher, discovered the code execution bug and is expected to release some advice on it later. Huber decided to come forward with the information before Ermishkin’s planned disclosure only because he had learned that the vulnerability was already being widely used. It has been used in some recent bug bounty submissions, which is where it came to light.