Facebook has recently addressed two critical vulnerabilities in its server application, potentially exposing sensitive information to remote attackers through the upload of maliciously crafted JPEG files. These vulnerabilities lie within the HipHop Virtual Machine (HHVM), an open-source virtual machine designed for executing PHP and Hack programming languages, which utilizes a just-in-time (JIT) compilation method for enhanced performance.
The risks associated with these vulnerabilities are significant, particularly for websites utilizing HHVM, as this open-source application is widely used, notably by platforms allowing image uploads like Wikipedia and Box. The vulnerabilities arise from a possible memory overflow in the GD extension of HHVM, permitting out-of-bounds memory reads when invalid JPEG inputs are processed, allowing attackers to exploit these flaws.
Specifically, the two issues identified include CVE-2019-11925 and CVE-2019-11926. The first vulnerability involves insufficient boundary checks of the JPEG APP12 block marker, enabling attackers to reach out-of-bounds memory with specially crafted JPEG files. The second issue pertains to the processing of M_SOFx markers in JPEG headers, similarly allowing external access to out-of-bounds memory through flawed processing of invalid JPEG inputs.
These vulnerabilities affect all HHVM versions prior to 3.30.9, as well as various versions within the ranges of 4.0.0 to 4.8.3 and 4.9.0 to 4.17.2, including specific builds of 4.18 and 4.19. The HHVM team has released patches meant to rectify these issues in multiple new versions, prompting those reliant on HHVM to update their systems promptly.
In the context of MITRE ATT&CK tactics, the exploitation of these vulnerabilities falls under initial access and potentially exploitation of public-facing applications. Attackers may have employed techniques like remote code execution or data manipulation through crafted files, posing significant risks to web services operating on outdated HHVM versions.
For organizations employing HHVM, updating to the latest versions is critical to safeguard against potential exploitation of these vulnerabilities. As these issues have broad implications across various platforms, vigilance and proactive updates remain essential in mitigating cybersecurity risks within the evolving landscape of digital threats.
For further updates on cybersecurity threats and protective measures, consider following industry news sources such as Google News, Twitter, and LinkedIn, which continuously report on significant developments in the field.