Image Library Exploit Leaking Yahoo! Mail Images Now Retired
A recent vulnerability found in the open-source ImageMagick library used by Yahoo! to process images could have allowed attackers to view image email attachments. After being reported by security researcher Chris Evans, Yahoo! retired the library and awarded Evans a $14,000 bounty.
It's not the first time the ImageMagick library has been found vulnerable: in 2016, a reported vulnerability (CVE-2016-3714) allowed attackers to upload maliciously crafted files to gain a remote shell into vulnerable web servers.
The new vulnerability involves attaching an 18-byte exploit file to an email. When the recipient (in this case the security researcher) opens it, he is shown an image stored in the web server's memory. Repeating the procedure opens other in-memory images at random.
“This type of vulnerability is fairly stealthy compared to an out-of-bounds read because the server will never crash,” according to Evans. “However, the leaked secrets will be limited to those present in freed heap chunks.”
The researcher's proof of concept shows that with as little as 18 bytes of code, practically a single line, attackers could grab images undetected, and that memory-based attack techniques are more difficult to detect.
“The vulnerability exists in the obscure RLE (Utah Raster Toolkit Run Length Encoded) image format,” wrote the researcher. “It’s a tricky vulnerability to spot because of the abstraction and also because this is a vulnerability caused by the absence of a necessary line of code, not the presence of a buggy line of code.”
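The bug class Evans describes, stale data surviving in a reused heap chunk because a clearing line is absent, shown as an added C sketch that is not ImageMagick's or Yahoo!'s code. The toy (count, value) run format, the fixed `chunk` buffer standing in for a reused heap chunk, and all function names are assumptions made for illustration.

```c
/* Added illustration, not ImageMagick code; format and names are hypothetical. */
#include <stdio.h>
#include <string.h>

#define CANVAS 16

/* Models one heap chunk that is freed and handed out again uncleared. */
static unsigned char chunk[CANVAS];

/* Toy run-length stream of (count, value) pairs. Writes only the pixels the
   input describes; anything else in the canvas is left untouched. */
static void decode_runs(unsigned char *out, const unsigned char *in, size_t len)
{
    size_t pos = 0;
    for (size_t i = 0; i + 1 < len; i += 2) {
        size_t count = in[i];
        if (count > CANVAS - pos)   /* never write past the canvas */
            count = CANVAS - pos;
        memset(out + pos, in[i + 1], count);
        pos += count;
    }
}

/* clear_first = 0 is the vulnerable path; 1 adds the single missing line. */
static const unsigned char *render(const unsigned char *in, size_t len, int clear_first)
{
    if (clear_first) memset(chunk, 0, CANVAS);
    decode_runs(chunk, in, len);
    return chunk;
}

/* Renders one user's image, then a file that supplies only 4 pixels into the
   reused chunk, and counts bytes of the first image still visible. */
static size_t stale_after_reuse(int clear_first)
{
    const unsigned char victim[] = { CANVAS, 0xAA };  /* constructed input */
    const unsigned char sparse[] = { 4, 0x11 };       /* constructed input */
    size_t n = 0;
    render(victim, sizeof victim, 1);
    const unsigned char *img = render(sparse, sizeof sparse, clear_first);
    for (size_t i = 0; i < CANVAS; i++) n += (img[i] == 0xAA);
    return n;
}

int main(void)
{
    printf("vulnerable: %zu stale bytes\n", stale_after_reuse(0));
    printf("hardened:   %zu stale bytes\n", stale_after_reuse(1));
}
```

Neither path crashes or reads out of bounds, which is why the quoted description calls this kind of leak stealthy: the only difference is whether the canvas is cleared before decoding.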
When Evans declared the $14,000 bounty would go to charity, Yahoo! doubled it.