- Apr 21, 2016
Yahoo is once more at the center of a security scandal after an ImageMagick library exploit was found leaking user email content.
The discovery was made by security researcher Chris Evans, who demonstrated the exploit, showing just how easy it was to break Yahoo's system to trigger email information leaks. Yahoo has since retired the use of the ImageMagick library.
Evans discovered two ways to get the result he wanted. Yahoobleed1, the first version, involved exploiting the vulnerability in ImageMagick by emailing a maliciously manipulated image file to a Yahoo Mail address. Once the 18-byte file was opened, Yahoo server memory chunks were leaking to the end user. The second version, Yahoobleed2, worked by exploiting the vulnerability.
Read more: Yahoo Retires ImageMagick After Exploit Leaks Email Content