It’s not common for a security-conscious internet company to leave a well-known vulnerability unpatched for months, but it happens. Facebook paid a US$40,000 reward to a researcher after he warned the company that its servers were vulnerable to an exploit called ImageTragick.

ImageTragick is the name given by the security community to a critical vulnerability that was found in the ImageMagick image processing tool back in May.

ImageMagick is a command-line tool that can resize, convert and optimize images in many formats. Web server libraries like PHP’s imagick, Ruby’s rmagick and paperclip, and Node.js’s imagemagick, used by millions of websites, are based on it.

To read this article in full or to leave a comment, please click here

Read more here:: IT news – Internet

Failure to patch known ImageMagick flaw for months costs Facebook $40k