Yesterday afternoon May 3rd, 2016 Slack security engineer Ryan Huber posted an article warning about surrounding vulnerabilities in ImageMagick, an image manipulation software solution installed on millions of Web sites.
“If you use ImageMagick or an affected library, we recommend you mitigate the known vulnerabilities by doing at least one of these two things (but preferably both!):” says Ryan Huber. We have included these solutions below at the bottom of this post.
This vulnerability not only affects the core ImageMagick software, but any third-party software compiled with the ImageMagick libraries, such as server running PHP’s imagick, Ruby on Rails rmagick and paperclick, NodeJS’s ImageMagick, and possibly other software solutions out there.
Attackers are essentially uploading malicious images to web applications whether it be forums, or … READ MORE