1 min read

Image Library Exploit Leaking Yahoo! Mail Images Now Retired

Liviu ARSENE

May 22, 2017

Image Library Exploit Leaking Yahoo! Mail Images Now Retired

A recent vulnerability found in the open-source ImageMagick library used by Yahoo! to process images could have allowed attackers to view image email attachments. After being reported by security researcher Chris Evans, Yahoo! retired the library and rewarded Evans a $14,000 bounty.

It”s not the first time the ImageMagick library had been found vulnerable: in 2016, a reported vulnerability (CVE-2016-3714) allowed attackers to upload maliciously crafted files to gain a remote shell into vulnerable web servers.

The new vulnerability involves using an 18-byte exploit file and attaching it to an email. Once the recipient (in this case the security researcher) opens it. he would open/view an image stored within the web server”s memory. Repeating the procedure would result in randomly opening up in-memory images.

“This type of vulnerability is fairly stealthy compared to an out-of-bounds read because the server will never crash,” according to Evans. “However, the leaked secrets will be limited to those present in freed heap chunks.”

The researcher”s proof-of-concept proves that, with as little as 18-bytes of code – practically a single line – attackers could not only grab images undetected, but also that memory-based attack techniques are more difficult to detect.

“The vulnerability exists in the obscure RLE (Utah Raster Toolkit Run Length Encoded) image format,” wrote the researcher. “It’s a tricky vulnerability to spot because of the abstraction and also because this is a vulnerability caused by the absence of a necessary line of code, not the presence of a buggy line of code.”

When Evans declared the $14,000 bounty would go to charity, Yahoo! doubled it.

tags


Author



Right now

Top posts

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

The Perils of Online Dating: Spotting Romance Scammers Before They Break Your Heart and Your Bank Account The Perils of Online Dating: Spotting Romance Scammers Before They Break Your Heart and Your Bank Account
Alina BÎZGĂ

August 05, 2021

3 min read
Google Fixes Five High-Severity Flaws in Chrome 92 for Windows, Mac and Linux Google Fixes Five High-Severity Flaws in Chrome 92 for Windows, Mac and Linux
Filip TRUȚĂ

August 05, 2021

1 min read
Google Drops All Support for Android 2.3.7 and Older Google Drops All Support for Android 2.3.7 and Older
Silviu STAHIE

August 04, 2021

1 min read