On May 3rd, 2016, security researcher Stewie, with assistance from Nikolay Ermishkin, disclosed a vulnerability in ImageMagick that could be used to allow remote execution of code. This vulnerability has left millions of websites exposed, as hackers can upload malicious files through any file uploader and then execute commands to take over the system. For example, a file could be uploaded to install a backdoor on the server.
A hacker could also replace existing images with different ones, defacing the website and damaging the reputation of your business.
The developers of ImageMagick have been working hard to close this vulnerability. Until then, users can apply certain configurations that would mitigate their risk.
At Filestack, we use the ImageMagick library to handle millions of file conversions per day, so it was imperative that we secure our systems before our customers fell victim. We want to let you, our customers, know that you are in good hands; our admins had our systems updated and secured within hours of the disclosure of the vulnerability.
At Filestack, our job is to host, secure, and serve the files of our customers, who rely on us to convert millions of files daily, with our uploader deployed on thousands of sites. We’re happy to have helped make the internet a safer place for all.