Zero Day Vulnerability

Here is some more information on the zero-day vulnerability CVE-2023-5129, which has a Most Severe rating.

How bad is the vulnerability?

  • Successful exploitation could potentially result in attackers taking control of a system, executing arbitrary code, and accessing sensitive user data.
  • The vulnerability affects but is not limited to major browsers like Chrome, Firefox, Safari, and Edge.
  • Already being exploited by threat actors: linked (in Citizen Lab's BLASTPASS report) to a zero-click, zero-day iPhone exploit from 07/09/2023. Earlier this month (11/09/2023), Google acknowledged that this was being exploited in the wild.

What applications are affected?

Any software that utilizes the WebP codec (libwebp), including the below popular apps:

  • Android phones and all their apps
  • Google Chrome
  • Mozilla Firefox
  • Apple Safari
  • Microsoft Edge
  • Microsoft Teams
  • 1Password
  • Bitwarden
  • CrashPlan
  • Discord
  • GitHub Desktop
  • GitKraken
  • Logitech Options +
  • Signal
  • Skype
  • Slack
  • TIDAL
  • Twitch
  • Visual Studio Code
  • Wire

The full list of applications using the codec is unknown due to its widespread use; however, a more comprehensive list can be found at the sites below

What patches are available for this?

At the time of writing, the following software is known to have pushed out a patch to combat the issue:

If you want to find out more please get in touch.

Source: https://www.cyberkendra.com/2023/09/webp-0day-google-assign-new-cve-for.html
