ImageMagick, an open source image processing package, contains a security hole that lets attackers upload images carrying malicious code designed to trick ImageMagick into running the attacker's commands remotely.
For those not familiar with the tool, ImageMagick processes images that users upload over the Internet to the servers of various websites. It operates in the background, meaning the process is hidden from the plain sight of Web admins. That also means remote users have the opportunity to upload images with malicious code embedded in them, and this is exactly the case with the new security hole researchers found in ImageMagick.
The vulnerability is already known to a number of attackers, and security researchers have been seeing exploits in the wild related to the ImageMagick flaw. The bug is especially desirable for cyber criminals looking to take control of legitimate websites in the Linux ecosystem via remote code execution. This often results in various forms of attack, such as phishing, data theft, and ransomware campaigns.
You might not have noticed it, but you have probably used ImageMagick in one way or another when uploading images to your blog. It differs from photo applications that let you interact with an image displayed in a graphical window. Instead, it processes images in bulk using a wide array of command-line programs, for example to crop large numbers of photos to specific dimensions.
ImageMagick is also responsible for the thumbnail display of images, especially on online services that let users store photos for later browsing. It helps to first ask your hosting service provider whether they use ImageMagick, so that you know whether you need to take action. ImageMagick recommends that you patch the flaw using its fix released in late April and/or edit the software's policy.xml file as an alternative.
By adding new lines to ImageMagick's policy configuration, you switch off the automatic processing of specific input types that refer to files in the local directory. Security experts suspect that a flaw in the filing system lets outside references reach internal files, which in turn allows remote code execution. It appears that this ImageMagick policy configuration has existed since 2014, though it was not a default part of the file then.
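To check whether a given policy.xml actually carries the lines described above, the following added example (not from the original article or from ImageMagick itself) audits the file's contents for coder policies set to `rights="none"`. The coder names are an assumption taken from the widely published mitigation for this flaw, not from this page, and the three policy files are constructed samples.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Assumption: coder list from the commonly published mitigation, not from this article.
REQUIRED_CODERS = ("EPHEMERAL", "URL", "HTTPS", "MVG", "MSL")

def disabled_coders(policy_xml):
    """Return the required coders covered by a rights="none" coder policy."""
    covered = set()
    for policy in ET.fromstring(policy_xml).iter("policy"):
        if policy.get("domain", "").lower() != "coder":
            continue  # resource, path, delegate policies are out of scope here
        if policy.get("rights", "").lower() != "none":
            continue  # read/write rights leave the coder usable
        pattern = policy.get("pattern", "").upper()
        covered.update(c for c in REQUIRED_CODERS
                       if fnmatch.fnmatchcase(c, pattern))
    return covered

def missing_coders(policy_xml):
    """Sorted list of required coders that are still enabled."""
    return sorted(set(REQUIRED_CODERS) - disabled_coders(policy_xml))

# Constructed sample: a policy file with no coder restrictions at all.
SAMPLE_DEFAULT = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
</policymap>"""

# Constructed sample: partly edited; MSL is left readable and HTTPS is absent.
SAMPLE_PARTIAL = """<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL"/>
  <policy domain="coder" rights="none" pattern="URL"/>
  <policy domain="coder" rights="none" pattern="MVG"/>
  <policy domain="coder" rights="read" pattern="MSL"/>
</policymap>"""

# Constructed sample: every listed coder switched off.
SAMPLE_HARDENED = """<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL"/>
  <policy domain="coder" rights="none" pattern="URL"/>
  <policy domain="coder" rights="none" pattern="HTTPS"/>
  <policy domain="coder" rights="none" pattern="MVG"/>
  <policy domain="coder" rights="none" pattern="MSL"/>
</policymap>"""

if __name__ == "__main__":
    for name, xml in (("default", SAMPLE_DEFAULT), ("partial", SAMPLE_PARTIAL),
                      ("hardened", SAMPLE_HARDENED)):
        print(name, "still enabled:", missing_coders(xml) or "none")
```

To audit a real host, pass the text of its policy.xml to `missing_coders`; the file's location varies by distribution and ImageMagick version.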