The good news? The exploit only works under certain conditions. You have to upload an image without a file extension (verboten at services like Dropbox), and any site that modifies the image (such as Facebook or Google Photos) will neuter any hostile code. Still, you won't be completely safe unless browser makers patch up. Your best solution until then is to peek solely at pictures from people and sites you trust.
Update: Web engineer Christian Bundy and others are critical of Shah's claims that this is an exploit. As Bundy explains, you'd still need a malicious website that tells your browser to run the image as a script. It's still possible that someone could send you to a seemingly innocuous image host that compromises your PC, but they can't simply upload a snapshot to a photo service and launch attacks. This is more about making it harder to spot rogue code than using the images themselves as weapons.
[Image credit: eAlina/Getty Images]