• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Home
  • Advertise With Us
  • Contact
  • Cookie Policy
    • Privacy statement (CA)
    • Cookie policy (CA)
    • Privacy statement (UK)
    • Cookie policy (UK)
    • Privacy statement (US)
    • Cookie Policy (US)
    • Privacy statement (EU)
    • Cookie policy (EU)
    • Disclaimer

TechWalls

Technology News | Gadget Reviews | Tutorials

  • Reviews
  • Tech News
  • Tech Guide
  • Gadget & Apps

ImageMagick security flaw lets hackers execute malicious code remotely

Updated on May 4, 2016 by Guest Authors

ImageMagick, an open source image processing software, has been infected with a security hole that allows attackers to upload images that contain malicious code intended to deceive the ImageMagick software to run the hacker’s commands remotely.

The ImageMagick software, for the benefit of those who are not familiar with the tool, processes images that are uploaded by users via the Internet to the servers of various websites. It operates in the background, meaning the process is hidden from plain sight of Web admins. That could also mean that remote users have the opportunity to upload images with malicious code embedded in it. And this is the case with the new security hole researchers found in the ImageMagick software.

image-magick

The vulnerability is already known to a number of attackers and security researchers have been seeing exploits in the wild related to the ImageMagick software flaw. The bug is especially desirable for cyber criminals looking to take control of legit websites in the Linux ecosystem via remote code execution tactics. This often results in various forms of attacks such as phishing, data theft, and ransomware campaigns.

You might not have noticed it, but you may have probably used ImageMagick in one way or another when you upload images to your blog. It is different from other photo applications that allow you to interact with an image displayed in a graphical window. It processes images in bulk with the use of a wide array of command-line programs to crop the great amount of photos into specific dimensions, for example.

ImageMagick is also responsible for the thumbnail display of images, especially on online service offerings that let users store photos for later browsing. It would help if you ask first your hosting service provider if they are using the ImageMagick software so that you will know whether to take action or not. ImageMagick recommends that you patch the flaw using its fix released in late April and/or edit the policy.xml file of the software as an alternative.

By introducing new lines to the policy configuration of ImageMagick, you simply switch off the automatic processing of specific input types that refer to the files in the local filing directory. Security experts suspect that a flaw in the filing system enables outside reference to the inside files, which in turn allows for remote code execution. It appears that this configuration of ImageMagick software policy has been in existence since as late as 2014, though they were not a default part of the file then.

Disclosure: We might earn commission from qualifying purchases. The commission help keep the rest of my content free, so thank you!

Footer

EPOMAKER CIDOO V65 V2 Wireless Mechanical Keyboard Review

VTOMAN FlashSpeed 1500 Portable Power Station Review

OKP L1 Robot Vacuum Cleaner Review – Affordable Robot with LiDAR Navigation

KEF LS50 Bookshelf Speakers Review: A Sound Decision Over the LS50 Meta

Follow TechWalls

YoutubeFacebookTwitterInstagram

Recent Posts

  • EPOMAKER CIDOO V65 V2 Wireless Mechanical Keyboard Review
  • Azulle’s BYTE4: Customization at Its Finest With 3 Stellar Add-on Modules
  • VTOMAN FlashSpeed 1500 Portable Power Station Review
  • OpenRock S Review – Revolutionizing the World of Earbuds

Copyright © 2023 · All Rights Reserved

Manage Cookie Consent
We use technologies like cookies to store and/or access device information. We do this to improve browsing experience and to show personalized ads. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional cookies Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}