Yahoo banishes ImageMagick software after it was found vulnerable to data exfiltration
Yahoo has reportedly banished its use of ImageMagick, an image processing software which contained two vulnerabilities that could exploit the user’ s content in an unauthorized way from the memory of the Yahoo’ s private server.
Security researcher Chris Evans was the one who discovered the vulnerabilities and named the two vulnerabilities as Yahoobleed #1 and Yahoobleed #2, because they evoked the memories and used the data from the leaked server content.
The Yahoobleed #1 is a zero-day ImageMagick bug that specifically resided in the RLE (Run Length Encoded) image format. Yahoobleed #1 was caused by an " uninitialized image decode buffer" that was " used as the basis for an image rendered back to the client," Evans explained in his blog post. This vulnerability leaks server-side memory.
The Yahoobleed #2 affected Yahoo thumbnailing servers, which contains a two year old out-of-bounds error in ImageMagick’ s SUN decoder. To test out this vulnerability, Evans wrote a 40-byte SUN exploit file that exfiltrated a JPEG compressed file, from which he was able to recover raw bytes of data.
Evans further explained that seeing a random face in the JPEG file attachment that he sent to himself to test out Yahoobleed #1 spooked him out and he destroyed all files based on uninitialized memory and reported the bug to the developers of the ImageMagick.
Yahoo has paid Evans $14,000 for his work, which he plans to donate to the charity. Evans himself has been authored to fix this vulnerability.
Comments ( 0 )
No comments available