SoylentNews

fliptop [soylentnews.org] writes:

A week ago it was reported [zdnet.com] that a vulnerability in the ImageMagick image processing library left Websites open to attack. It didn't take long for attackers to develop exploit kits and code to utilize the flaw [zdnet.com]:

Recently, researchers discovered a flaw in the system, CVE-2016-3714 [imagetragick.com], which if exploited through the upload of malicious images, leads to remote code execution and hijacked domains, malware distribution and information leaks.

[...]There are a number of different exploit kits and scripts which are now implementing CVE-2016-3714, but the worst of which so far implements the Python scripting language.

[...]Researchers from Securi have also witnessed [sucuri.net] cyberattackers using the vulnerability to launch attacks against specific targets with malicious code disguised as benevolent .JPG images.

[...]Webmasters using ImageMagick should update their software to the latest release as quickly as possible.

Original Submission