Security researchers have discovered a serious vulnerability in ImageMagick, an image processor used by millions of websites.
It also includes mitigation advice until a patch is rolled out by the company.
Its ambiguous enough that many webmasters probably do not even realize they are using it.
This could permit hackers to hijack domains, distribute malware and steal data.
However, the Mail.Ru researchers called these measures incomplete.
The vulnerability is very simple to exploit, Sucuri founder and CTO Daniel Cid wrote.
An attacker only needs an image uploader tool that leverages ImageMagick.
Unfortunately, even with all the media attention, not everyone is aware of this issue.
Additionally, ImageMagick developers have recommended a policy-based mitigation approach on their support forum.
source: www.techworm.net
