Facebook Patches Critical Exploits in Its HHVM Server Software

Facebook announced that it has updated its HHVM server software, eliminating the possibility of it being exploited. The company announced that there were two critical bugs in it. The vulnerabilities allow attackers to obtain sensitive data or cause a denial of service by uploading a malicious JPEG image.




Facebook has updated its HHVM server software, fixing two critical errors that were identified in it. The social network rates these bugs as “critical”; both concern the JPEG processing engine. By exploiting it, criminals have found that they can construct dangerous image files that lead to denial of service or data theft. The problem lies within the HHVM engine (short for HipHop Virtual Machine), a service developed by Facebook. Its purpose is to execute programs written in the Hack and PHP programming languages in a high-performance mode. Its code is open source, meaning that other platforms use it for their own portals.


Examples are Wikipedia and Box, which also share the same image uploading schemes. The vulnerabilities are presumed to be caused by a memory overflow in one of the extensions. Processing the image leads to a so-called out-of-bounds condition: the malfunctioning program (in this case HHVM) can read data from outside of the allocated memory. As a result of the weakness, the problems have been classified in the following advisories:

  • CVE-2019-11925 — Insufficient boundary check issues occur when processing the JPEG APP12 block marker in the GD extension, allowing potential attackers to access out-of-bounds memory via a maliciously crafted invalid JPEG input.
  • CVE-2019-11926 — Insufficient boundary check issues occur when processing M_SOFx markers from JPEG headers in the GD extension, allowing potential attackers to access out-of-bounds memory via a maliciously crafted invalid JPEG input.

All services that use the HHVM service are urged to update their installations to the latest version.
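The class of boundary check both advisories refer to can be shown with a small pre-validation routine for uploaded files. This is an added example, not HHVM or GD code; the function names and the sample bytes are constructed for illustration. It walks the JPEG header segments and rejects any segment (APP12 included) whose declared length runs past the buffer, and any SOFx segment too short for the component table it announces.

```c
#include <stddef.h>
#include <stdint.h>

/* Illustrative check, not the HHVM/GD implementation. */
static int is_sof(uint8_t m) {
    /* SOF0..SOF15 are 0xC0..0xCF except DHT (0xC4), JPG (0xC8), DAC (0xCC). */
    return m >= 0xC0 && m <= 0xCF && m != 0xC4 && m != 0xC8 && m != 0xCC;
}

/* Returns 0 if every header segment up to SOS/EOI stays inside buf, else -1. */
int jpeg_headers_in_bounds(const uint8_t *buf, size_t len) {
    size_t pos = 2;
    if (len < 4 || buf[0] != 0xFF || buf[1] != 0xD8) return -1;   /* SOI */
    while (pos < len) {
        if (buf[pos] != 0xFF) return -1;              /* marker must start with FF */
        while (pos < len && buf[pos] == 0xFF) pos++;  /* skip fill bytes */
        if (pos >= len) return -1;
        uint8_t marker = buf[pos++];
        if (marker == 0xD9) return 0;                 /* EOI */
        if (marker == 0x01 || (marker >= 0xD0 && marker <= 0xD7))
            continue;                                 /* TEM/RSTn carry no length */
        if (len - pos < 2) return -1;                 /* no room for length field */
        size_t seglen = ((size_t)buf[pos] << 8) | buf[pos + 1];
        /* The length counts its own 2 bytes and must fit in what is left.
         * This covers every length-prefixed segment, APP12 (0xEC) included. */
        if (seglen < 2 || seglen > len - pos) return -1;
        if (is_sof(marker)) {
            /* length(2) precision(1) height(2) width(2) ncomp(1) + 3 per component */
            if (seglen < 8) return -1;
            size_t ncomp = buf[pos + 7];
            if (seglen < 8 + 3 * ncomp) return -1;
        }
        if (marker == 0xDA) return 0;                 /* SOS: entropy data follows */
        pos += seglen;
    }
    return -1;                                        /* ended without SOS/EOI */
}

int main(void) {
    /* Constructed sample: APP12 claims 0x0400 bytes but only 2 follow. */
    const uint8_t bad[] = {0xFF, 0xD8, 0xFF, 0xEC, 0x04, 0x00, 0x41, 0x42};
    return jpeg_headers_in_bounds(bad, sizeof bad) == -1 ? 0 : 1;
}
```

A check like this is a filter in front of the decoder, not a substitute for updating HHVM.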

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cybersecurity enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
