A security vulnerability in the open source ImageMagick graphics tool used by a large number of websites could allow a malicious payload to be executed onsite.
ImageMagick, an open source suite of tools for working with graphic images used by a large number of websites, has been found to contain a serious security vulnerability that puts sites using the software at risk for malicious code to be executed onsite. Security experts consider exploitation to be so easy they’re calling it “trivial,” and exploits are already circulating in the wild. The biggest risk is to sites that allows users to upload their own image files.
Information about the vulnerability was made public Tuesday afternoon by Ryan Huber, a developer and security researcher, who wrote that he had little choice but to post about the exploit.
The case revolves around Verizon’s use of a supercookie — a cookie that uses a variety of techniques to make it nearly impossible to remove or disable — which the carrier began placing on its customers’ phones in 2012. The cookie gathered information that combined a person’s Internet history — whether through browsers or apps — with their unique customer information. The company ran afoul of the law because of the way it shared the information it gleaned with third parties.
