Facebook Patches Critical Exploits in Its HHVM Server Software

Facebook has announced that it has updated its HHVM server software, removing the possibility of it being exploited. The company announced that two critical bugs were found in it. The vulnerabilities allow hackers to obtain sensitive data or cause a denial of service by uploading a malicious JPEG image.




Facebook has updated its HHVM server software by fixing two critical errors that have been identified in it. These bugs are rated as “critical” by the social network and are exploited through the JPEG processing engine. Criminals have found that they can construct dangerous image files that can lead to denial of service or data theft. The problem lies within the HHVM engine, short for HipHop Virtual Machine, a service developed by Facebook. Its purpose is to execute programs written in the Hack and PHP programming languages in a high-performance mode. Its code is open source, meaning that other platforms use it for their own portals.


Examples are Wikipedia and Box, which also share the same image uploading schemes. The origins of the vulnerabilities are presumed to be a memory overflow in one of the extensions. Processing the image results in a so-called out-of-bounds read: the malfunctioning program (in this case HHVM) can read data from outside of the allocated memory. As a result, the problems have been classified in the following advisories:

  • CVE-2019-11925 — Insufficient boundary check issues occur when processing the JPEG APP12 block marker in the GD extension, allowing potential attackers to access out-of-bounds memory via a maliciously crafted invalid JPEG input.
  • CVE-2019-11926 — Insufficient boundary check issues occur when processing M_SOFx markers from JPEG headers in the GD extension, allowing potential attackers to access out-of-bounds memory via a maliciously crafted invalid JPEG input.
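The class of check both advisories describe as missing can be shown with a small header walker. This is an added example, not code from HHVM or its GD extension; the function, struct and constant names are hypothetical, and it ignores fill bytes and standalone markers for brevity.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example: hypothetical names, not HHVM or GD code. */
enum { JPEG_OK = 0, JPEG_TRUNCATED = -1, JPEG_BAD_LENGTH = -2, JPEG_NOT_JPEG = -3 };

struct jpeg_info {
    unsigned width, height;       /* from the last SOFx segment seen */
    size_t app12_off, app12_len;  /* APP12 payload span inside buf (len 0 if absent) */
};

/* SOF0..SOF15, excluding DHT (0xC4), JPG (0xC8) and DAC (0xCC). */
static int is_sof(uint8_t m) {
    return m >= 0xC0 && m <= 0xCF && m != 0xC4 && m != 0xC8 && m != 0xCC;
}

/* Walk the header segments up to SOS; every read is checked against len first. */
int jpeg_check_headers(const uint8_t *buf, size_t len, struct jpeg_info *out) {
    struct jpeg_info info = {0, 0, 0, 0};
    if (len < 2 || buf[0] != 0xFF || buf[1] != 0xD8) return JPEG_NOT_JPEG;
    size_t pos = 2;                       /* invariant: pos <= len */
    for (;;) {
        if (len - pos < 4) return JPEG_TRUNCATED;           /* marker + length field */
        if (buf[pos] != 0xFF) return JPEG_NOT_JPEG;
        uint8_t marker = buf[pos + 1];
        /* The length field counts its own two bytes, so anything below 2 is invalid. */
        size_t seglen = ((size_t)buf[pos + 2] << 8) | buf[pos + 3];
        if (seglen < 2) return JPEG_BAD_LENGTH;
        if (seglen > len - pos - 2) return JPEG_TRUNCATED;  /* declared size exceeds input */
        const uint8_t *p = buf + pos + 4;
        size_t plen = seglen - 2;
        if (is_sof(marker)) {
            /* precision(1) height(2) width(2) ncomp(1) + 3 bytes per component */
            if (plen < 6 || plen != 6 + 3 * (size_t)p[5]) return JPEG_BAD_LENGTH;
            info.height = (unsigned)p[1] << 8 | p[2];
            info.width  = (unsigned)p[3] << 8 | p[4];
        } else if (marker == 0xEC) {                        /* APP12 */
            info.app12_off = pos + 4;
            info.app12_len = plen;        /* consumers must stay within this span */
        } else if (marker == 0xDA) {                        /* SOS: headers end here */
            *out = info;
            return JPEG_OK;
        }
        pos += 2 + seglen;
    }
}
```

Running a check like this on uploads before they reach the image library rejects files whose APP12 or SOFx length fields do not match the bytes actually present.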

All services that use the HHVM service are urged to update their installations to the latest version.

Martin Beltov
