Yahoo Retires ImageMagick After Exploit Leaks Email Content

Bot

Apr 21, 2016
Yahoo is once more at the center of a security scandal after an ImageMagick library exploit was found leaking user email content.

The discovery was made by security researcher Chris Evans, who demonstrated the exploit, showing just how easy it was to break Yahoo's system to trigger email information leaks. Yahoo has since retired the use of the ImageMagick library.

Evans discovered two ways to get the result he wanted. Yahoobleed1, the first version, involved exploiting the vulnerability in ImageMagick by emailing a maliciously manipulated image file to a Yahoo Mail address. Once the 18-byte file was opened, Yahoo server memory chunks were leaking to the end user. The second version, Yahoobleed2, worked by exploiting the vulnerability.
