The Latest in IT Security

Image Library Exploit Leaking Yahoo! Mail Images Now Retired

23
May
2017
Image Library Exploit Leaking Yahoo! Mail Images Now Retired

1486153458050

A recent vulnerability found in the open-source ImageMagick library used by Yahoo! to process images could have allowed attackers to view image email attachments. After being reported by security researcher Chris Evans, Yahoo! retired the library and rewarded Evans a $14,000 bounty.

It’s not the first time the ImageMagick library had been found vulnerable: in 2016, a reported vulnerability (CVE-2016-3714) allowed attackers to upload maliciously crafted files to gain a remote shell into vulnerable web servers. The new vulnerability involves using an 18-byte exploit file and attaching it to an email.

Read More

Leave a reply


Categories

WEDNESDAY, SEPTEMBER 20, 2017

Featured

Archives

Latest Comments

Social Networks