Attackers have wasted no time targeting a critical vulnerability that could allow them to take complete control over websites running a widely used image-processing application, security researchers said.
As Ars reported last week, a vulnerability in ImageMagick allows hackers to execute code of their choice on webservers that use the app to resize or crop user-uploaded images. Over the past few days, security researchers said, attackers have begun uploading booby-trapped images in an attempt to exploit the vulnerability, which is indexed as CVE-2016-3714. CloudFlare, a content delivery network that helps secure and optimize websites, has updated its Web application firewall to block exploits in an attempt to protect customers who have yet to patch the remote code-execution threat.
“We began watching the exploitation of CVE-2016-3714 as soon as the WAF rule went live across our network,” CloudFlare researcher John Graham-Cumming wrote in a blog post published Monday. “The bad news is that this vulnerability is being actively used by hackers to attack websites.”