The vulnerability is very simple to exploit, an attacker only needs a image uploader tool that leverages ImageMagick. During our research we found many popular web applications and SaaS products vulnerable to it (people love gravatars), and we have been contacting them privately to get things patched. Unfortunately, even with all the media attention, not everyone is aware of this issue.
Update From: ImageMagick Is On Fire — CVE-2016–3714
If you use ImageMagick or an affected library, we recommend you mitigate the known vulnerabilities by doing at least one of these two things (but preferably both!):
Use a policy file to disable the vulnerable ImageMagick coders. The global policy for ImageMagick is usually found in “/etc/ImageMagick”. The below policy.xml example will disable the coders EPHEMERAL, URL, MVG, and MSL.
My ImageMagick policy file is in /usr/lib64/ImageMagick-6.6.4/config/policy.xml Click the link to get the exact rules to add. I use ImageMagick with Gallery software but only admin has access to uploading images so this bug doesn’t matter for my use case.