Failure to patch known ImageMagick flaw for months costs Facebook $40k


It's not common for a security-conscious internet company to leave a well-known vulnerability unpatched for months, but it happens. Facebook paid a $40,000 reward to a researcher after he warned the company that its servers were vulnerable to an exploit called ImageTragick.

ImageTragick is the name given by the security community to a critical vulnerability that was found in the ImageMagick image processing tool back in May.

ImageMagick is a command-line tool that can resize, convert and optimize images in many formats. Web server libraries like PHP’s imagick, Ruby’s rmagick and paperclip, and Node.js’s imagemagick, used by millions of websites, are based on it.
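Because every one of those libraries hands the uploaded bytes straight to ImageMagick, a site's first line of defence is to refuse anything that is not actually an image of a type it chose to accept. The following is an added example, not code from the article or from any of the libraries named above; it checks that an upload's leading "magic bytes" match the type claimed by its file extension, which was one of the two mitigations published alongside the ImageTragick disclosure (the other being a restrictive ImageMagick `policy.xml`). The signature table, the accepted types and the sample inputs are constructed for illustration.

```python
"""Magic-byte validation before an upload reaches an ImageMagick-backed library.

Added example (not from the article). The site decides which image types it
accepts; anything whose leading bytes do not match a signature for the type
its extension claims is rejected before ImageMagick ever parses it.
"""

# Leading byte signatures for the types this hypothetical site accepts.
# Each value is a list because some formats have more than one valid header.
ACCEPTED_SIGNATURES = {
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
}

# Extension aliases normalised to the keys used above.
EXTENSION_ALIASES = {"jpeg": "jpg"}


def detect_image_type(data: bytes):
    """Return the accepted type whose signature the data starts with, or None."""
    for kind, signatures in ACCEPTED_SIGNATURES.items():
        if any(data.startswith(sig) for sig in signatures):
            return kind
    return None


def claimed_type(filename: str) -> str:
    """Normalise the file extension the uploader claims (empty if none)."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return EXTENSION_ALIASES.get(ext, ext)


def is_safe_to_process(filename: str, data: bytes) -> bool:
    """True only if the content is an accepted type AND matches the claimed extension.

    Both conditions matter: a text file renamed to .jpg fails the first,
    and a real JPEG renamed to .png fails the second, so a downstream
    library cannot be steered into a different decoder than the site expects.
    """
    detected = detect_image_type(data)
    return detected is not None and detected == claimed_type(filename)


# Constructed sample uploads (minimal headers, not full image files).
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
SAMPLE_TEXT = b"this is plain text masquerading as an image\n"


def run_samples():
    """Evaluate the constructed samples; returns a dict for inspection."""
    return {
        "png_as_png": is_safe_to_process("avatar.png", SAMPLE_PNG),
        "jpeg_as_jpeg": is_safe_to_process("photo.jpeg", SAMPLE_JPEG),
        "text_as_jpg": is_safe_to_process("photo.jpg", SAMPLE_TEXT),
        "jpeg_as_png": is_safe_to_process("photo.png", SAMPLE_JPEG),
        "no_extension": is_safe_to_process("upload", SAMPLE_PNG),
    }


if __name__ == "__main__":
    for name, ok in run_samples().items():
        print(f"{name}: {'accept' if ok else 'reject'}")
```

This check is a gate in front of the image library, not a replacement for patching: an attacker-controlled file that really is a PNG still reaches ImageMagick, so the library version and its coder policy must be kept current as well.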
