Hackers hijack websites by uploading photos

It was only last week that we reported how ImageMagick, a popular library for image processing on websites, contained a vulnerability leaving countless web domains open to exploit.

screen-shot-2016-05-10-at-09-39-17.jpg

It didn’t take long, but cyberattackers have jumped on the flaw and have already begun upgrading exploit kits and developing new code to compromise websites — and therefore reach your devices.

ImageMagick is a critical image processing library used by many websites which support image processing and bulk uploading.

The open-source software acts as the supporting infrastructure for a number of processing plugins — including PHP’s imagick, Ruby’s rmagick, paperclip and node.js’s imagemagick.

As content sharing online became ever more popular, these systems now provide a critical service for many web domains.

Recently, researchers discovered a flaw in the system, CVE-2016-3714, which if exploited through the upload of malicious images, leads to remote code execution and hijacked domains, malware distribution and information leaks.

Proof-of-concept (PoC) examples have been released.

According to researchers at CloudFlare, the flaw — dubbed by some as “ImageTragick” — is being actively exploited to attack websites.

There are a number of different exploit kits and scripts which are now implementing CVE-2016-3714, but the worst of which so far implements the Python scripting language. The researchers say:

“The parameters to the program are the IP address and port of a machine to contact. The python code connects to that machine and makes a shell available on the web server to the attacker. At that point the attacker can interact directly with the web server.

With a single exploit they can get remote access and then proceed to further hack the vulnerable Web server at their leisure.”

Researchers from Securi have also witnessed cyberattackers using the vulnerability to launch attacks against specific targets with malicious code disguised as benevolent .JPG images.

Although it is not yet known if any of the attacks against websites using ImageMagick have been successful, considering how quickly the vulnerability has been exploited and how wide-ranging ImageMagick’s use in websites is, it is likely — placing not only websites, but users visiting these domains at risk of exposure.

Webmasters using ImageMagick should update their software to the latest release as quickly as possible.

More security news

Read on: Top picks