Image credit: Hailshadow via Getty Images

Simple exploits use images to attack websites

The 'right' picture lets intruders run whatever code they want.
Would-be hackers don't always have to jump through hoops to bring down a website. Researchers have discovered relatively simple exploits in ImageMagick, a common package for processing pictures on the web, that let attackers run any code they like on a targeted server. If someone uploads a maliciously coded image and ImageMagick handles it, they could theoretically compromise both the site and anyone who visits it. That's particularly dangerous for forums and social networks, where user uploads are par for the course -- a vengeful member could wreck the site for everyone.

Thankfully, there are fixes. The ImageMagick team is closing the security holes within the next few days, and it's possible to thwart at least some attacks by either verifying the integrity of images or using a policy file to disable the susceptible features. The concerns are that these safeguards won't cover everything, or that website owners won't rush to shore up their defenses. It could be a while before you can assume that your favorite social sites are protected.
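As an added illustration of the "verifying the integrity of images" safeguard (this is not code from ImageMagick or from the researchers), an upload handler can check a file's leading magic bytes against an allowlist before any image processor touches it. The accepted formats, function names and sample bytes below are assumptions constructed for the example.

```python
import os

# Allowlist of accepted raster formats: leading magic bytes -> valid extensions.
# Limiting uploads to JPEG, PNG and GIF is an assumption made for this example.
MAGIC = {
    b"\xff\xd8\xff": {".jpg", ".jpeg"},
    b"\x89PNG\r\n\x1a\n": {".png"},
    b"GIF87a": {".gif"},
    b"GIF89a": {".gif"},
}


def sniff(data: bytes):
    """Return the extensions that match the file's leading bytes, or None."""
    for magic, exts in MAGIC.items():
        if data.startswith(magic):
            return exts
    return None


def accept_upload(filename: str, data: bytes) -> bool:
    """Accept only allowlisted content whose file name agrees with that content."""
    exts = sniff(data)
    if exts is None:
        # Unknown, empty or text-based content: never hand it to the image processor.
        return False
    return os.path.splitext(filename)[1].lower() in exts


# Constructed samples: two genuine headers and a text file renamed to .jpg.
PNG_HEADER = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR"
JPEG_HEADER = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
TEXT_AS_JPG = b"push graphic-context\nviewbox 0 0 640 480\n"

if __name__ == "__main__":
    samples = [
        ("avatar.png", PNG_HEADER),
        ("photo.JPG", JPEG_HEADER),
        ("picture.jpg", TEXT_AS_JPG),   # extension claims JPEG, content is text
        ("banner.gif", PNG_HEADER),     # extension and content disagree
    ]
    for name, blob in samples:
        verdict = "accept" if accept_upload(name, blob) else "reject"
        print(f"{name}: {verdict}")
```

A check like this only narrows what reaches the image processor; it works alongside the policy file and the patched release rather than replacing them.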