Facebook has awarded US $40,000 to a security researcher who achieved remote code execution on its servers by exploiting a widely-publicised vulnerability. White-hat hacker Andrey Leonov said he came across the issue one Saturday night in October 2016. Facebooks image converter had been using a vulnerable version of the ImageMagick library. ImageTragick flaws (CVE-2016-3714) allowed an attacker to conceal arbitrary code in an image file. That code would then execute once it had been uploaded to a website.”]
Source: https://grahamcluley.com/facebook-remote-code-execution-vulnerability-earns-researcher-40000/

