Failure to patch known ImageMagick flaw for months costs Facebook $40k
It’s not common for a security-conscious internet company to leave a well-known vulnerability unpatched for months, but it happens. Facebook paid a US$40,000 reward to a researcher after he warned the company that its servers were vulnerable to an exploit called ImageTragick.
ImageTragick is the name given by the security community to a critical vulnerability that was found in the ImageMagick image processing tool back in May.
ImageMagick is a command-line tool that can resize, convert and optimize images in many formats. Web server libraries like PHP’s imagick, Ruby’s rmagick and paperclip, and Node.js’s imagemagick, used by millions of websites, are based on it.