Facebook Patches Critical Exploits in Its HHVM Server Software

Facebook has announced that it has updated its HHVM server software, removing the possibility of it being exploited. The company announced that two critical bugs were found in it. The vulnerabilities allow attackers to obtain sensitive data or cause a denial of service by uploading a malicious JPEG image.




Facebook has updated its HHVM server software by fixing two critical errors that have been identified in it. These bugs are rated as "critical" by the social network and concern the JPEG processing engine. The criminals have found that they can construct dangerous image files that lead to denial of service or data theft. The problem lies within the HHVM engine, short for HipHop Virtual Machine, which was developed by Facebook. Its purpose is to execute programs written in the Hack and PHP programming languages in a high-performance mode. Its code is open source, meaning that other platforms use it for their own portals.


Examples are Wikipedia and Box, which also share the same image uploading schemes. The vulnerabilities are presumed to be caused by a memory overflow in one of the extensions. Processing the image leads to a so-called out-of-bounds condition: the malfunctioning program (in this case HHVM) can read data from outside of the allocated memory. The problems have been classified in the following advisories:

  • CVE-2019-11925 — Insufficient boundary check issues occur when processing the JPEG APP12 block marker in the GD extension, allowing potential attackers to access out-of-bounds memory via a maliciously crafted invalid JPEG input.
  • CVE-2019-11926 — Insufficient boundary check issues occur when processing M_SOFx markers from JPEG headers in the GD extension, allowing potential attackers to access out-of-bounds memory via a maliciously crafted invalid JPEG input.
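The kind of boundary check both advisories describe, as an added example (this is not HHVM's or the GD extension's code): a header walker that validates every declared segment length, including APP12 and SOFx, against the bytes actually present before reading a payload. The function and constant names and the sample byte arrays are constructed for illustration, and it assumes every marker before SOS carries a length field.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes; names are chosen for this example. */
enum { JPEG_OK = 0, JPEG_BAD_MARKER = -1, JPEG_TRUNCATED = -2,
       JPEG_BAD_LEN = -3, JPEG_BAD_SOF = -4 };

/* SOFx markers are 0xC0..0xCF except DHT (C4), JPG (C8) and DAC (CC). */
static int is_sof(uint8_t m) {
    return m >= 0xC0 && m <= 0xCF && m != 0xC4 && m != 0xC8 && m != 0xCC;
}

/* Walk the header segments up to SOS/EOI. Every declared length is checked
 * against the bytes actually present before any payload byte is read. */
int jpeg_check_segments(const uint8_t *buf, size_t len) {
    if (len < 2 || buf[0] != 0xFF || buf[1] != 0xD8) return JPEG_BAD_MARKER;
    size_t pos = 2;
    while (pos < len) {
        if (buf[pos] != 0xFF) return JPEG_BAD_MARKER;
        while (pos + 1 < len && buf[pos + 1] == 0xFF) pos++;  /* fill bytes */
        if (len - pos < 2) return JPEG_TRUNCATED;
        uint8_t m = buf[pos + 1];
        pos += 2;
        if (m == 0xD9 || m == 0xDA) return JPEG_OK;   /* EOI or SOS: done */
        if (len - pos < 2) return JPEG_TRUNCATED;     /* no length field */
        size_t seg = ((size_t)buf[pos] << 8) | buf[pos + 1];
        /* Covers APP12 (0xEC) and every other APPn/COM payload. */
        if (seg < 2 || seg > len - pos) return JPEG_BAD_LEN;
        /* SOF: len(2) precision(1) height(2) width(2) ncomp(1) + 3 per comp */
        if (is_sof(m) && (seg < 8 || seg != 8u + 3u * buf[pos + 7]))
            return JPEG_BAD_SOF;
        pos += seg;
    }
    return JPEG_TRUNCATED;  /* data ended before SOS/EOI */
}

/* Constructed sample inputs (not real images). */
static const uint8_t ok_jpeg[] = { 0xFF,0xD8, 0xFF,0xEC,0x00,0x04,'A','B',
    0xFF,0xC0,0x00,0x0B,0x08,0x00,0x01,0x00,0x01,0x01,0x01,0x11,0x00, 0xFF,0xD9 };
static const uint8_t bad_app12[] = { 0xFF,0xD8, 0xFF,0xEC,0x01,0x00,'A','B' };
static const uint8_t bad_sof[] = { 0xFF,0xD8, 0xFF,0xC0,0x00,0x0B,0x08,0x00,0x01,
    0x00,0x01,0x04,0x01,0x11,0x00, 0xFF,0xD9 };

int main(void) {
    return !(jpeg_check_segments(ok_jpeg, sizeof ok_jpeg) == JPEG_OK &&
             jpeg_check_segments(bad_app12, sizeof bad_app12) == JPEG_BAD_LEN &&
             jpeg_check_segments(bad_sof, sizeof bad_sof) == JPEG_BAD_SOF);
}
```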

All services that use HHVM are urged to update their installations to the latest version.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
