ImunifyAV Flaw - Arbitrary Code Execution Risk

A significant security flaw has been identified in ImunifyAV, a widely adopted malware detection tool for Linux-based web hosting environments. This vulnerability could enable malicious actors to execute arbitrary code remotely, potentially compromising entire hosting servers.

The flaw is rooted in the ai-bolit component integrated into the Imunify360 security suite, including the free ImunifyAV version and the paid ImunifyAV+. Users running versions prior to 32.7.4.0 are vulnerable. The vulnerability has been publicly known since late October, when CloudLinux, the vendor behind Imunify360, issued security updates to address the issue. Despite this, the flaw has yet to receive an official CVE identifier.

On November 10, CloudLinux released patches for older Imunify360 versions, and in recent advisories, emphasized the severity by labeling it a “critical security vulnerability.” They strongly recommend updating to at least version 32.7.4.0 to mitigate risks.

ImunifyAV functions as part of the larger Imunify360 platform, primarily used by hosting providers and shared hosting environments. It is typically deployed at the server level rather than directly managed by end-users. This widespread deployment means millions of websites—over 56 million, according to recent data—are running the scanner silently in the background, making the potential impact of this flaw substantial.

The core of the issue lies in the way ai-bolit handles malware unpacking. When analyzing obfuscated PHP files, the tool executes 'call_user_func_array' with function names extracted from the obfuscated code without proper validation. This allows attackers to execute dangerous PHP functions like 'system', 'exec', 'shell_exec', 'passthru', and 'eval', leading to remote code execution.

Although the default configuration of ai-bolit’s standalone CLI disables active deobfuscation, the integration within Imunify360 forces the scanner into an always-on mode for various types of scans, including background, on-demand, and rapid scans. This persistent activity creates an exploitable window that can be triggered with crafted malware samples.

Researchers have demonstrated an exploit that involves placing a malicious PHP file in the server's temporary directory. When scanned by the vulnerable ImunifyAV component, this file triggers remote code execution, highlighting the severity of the flaw and the urgent need for updates.

A critical vulnerability in ImunifyAV has been identified that could allow malicious actors to gain complete control over affected websites. If the compromised scanner operates with elevated privileges on shared hosting environments, the risk could escalate to a full server breach.

To address this threat, CloudLinux has implemented a security patch incorporating a whitelisting system. This mechanism ensures that only predefined, safe functions are executed during the process of deobfuscation, effectively preventing malicious code from running arbitrarily.
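
The flaw and its fix described above, as an added PHP sketch that is not ai-bolit's code: function names pulled from a scanned file are untrusted, so the dispatcher calls only names on an allowlist of pure string decoders. `apply_decoder`, `SAFE_DEOBFUSCATION_FUNCS` and the sample chains are hypothetical; the actual allowlist in the patch is not given here.

```php
<?php
// Added illustration, not ai-bolit source. All names here are hypothetical.
// Vulnerable pattern described above: call_user_func_array($name, $args)
// with $name taken straight from the scanned file and never validated.

// Assumed allowlist: pure string transforms a deobfuscator legitimately needs.
const SAFE_DEOBFUSCATION_FUNCS = [
    'base64_decode', 'str_rot13', 'strrev', 'urldecode',
    'rawurldecode', 'hex2bin', 'gzinflate', 'gzuncompress',
];

// Apply one decoding step whose function name came from the scanned file.
function apply_decoder(string $name, array $args): string
{
    // PHP function names are case-insensitive and may carry a leading
    // namespace separator, so normalise before comparing.
    $normalised = strtolower(ltrim($name, '\\'));
    if (!in_array($normalised, SAFE_DEOBFUSCATION_FUNCS, true)) {
        throw new InvalidArgumentException("refused non-allowlisted function: $name");
    }
    // Every allowlisted decoder takes the data as one string argument.
    $args = array_values($args);
    if (count($args) !== 1 || !is_string($args[0])) {
        throw new InvalidArgumentException("unexpected arguments for $name");
    }
    $result = call_user_func_array($normalised, $args);
    if (!is_string($result)) {
        throw new RuntimeException("decoder $normalised failed");
    }
    return $result;
}

// Constructed sample: decoder chains as a scanner might extract them.
// The data is the string "hello", base64-encoded (and reversed in the first).
$chains = [
    'benign'  => [['strrev', 'base64_decode'], '=8GbsVGa'],
    'hostile' => [['base64_decode', '\\SyStEm'], 'aGVsbG8='],
];

foreach ($chains as $label => [$funcs, $data]) {
    try {
        foreach ($funcs as $f) {
            $data = apply_decoder($f, [$data]);
        }
        echo "$label: decoded to \"$data\"\n";
    } catch (InvalidArgumentException | RuntimeException $e) {
        echo "$label: {$e->getMessage()}\n";
    }
}
```

The hostile chain is stopped at the name check, before anything is invoked, and the mixed-case, backslash-prefixed spelling shows why the name must be normalised before the comparison.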

Despite the seriousness of the flaw, there has been a noticeable lack of explicit warnings from CloudLinux and no associated CVE identifier to facilitate tracking and awareness. Nonetheless, system administrators are strongly advised to update their installations to version 32.7.4.0 or newer to mitigate the risk.

Currently, there are no official methods available for detecting if a system has been compromised, nor are there any established guidelines for identifying active exploitation attempts in the wild.

BleepingComputer has reached out to CloudLinux for comment regarding the issue; however, no response has been received as of the publication time.

On November 16, additional analysis by PatchStack security researchers revealed that the vulnerability might be more critical than initially thought. An easier exploitation pathway was discovered, which does not require the attacker to upload malicious files. Further details are provided in the latest update.

Subsequently, on November 17, Imunify360 issued a security advisory outlining recommended mitigation steps and a temporary workaround to protect affected systems.
