[RndTbl] CVE-2023-41064

Trevor Cordes trevor at tecnopolis.ca
Wed Oct 4 20:16:55 CDT 2023



If you have an Apple device, it must be updated.  If it's no longer
supported/updated, throw it away.

Anyone can send you a text or imessage (whatever that is) with a crafted
webp image and p0wn your whole device: no clicks or user interaction

Same bug in Chrome: update your Chrome.  If you cannot on that device
(i.e. Win7) then throw it away or find a new OS/browser.  But at least
you'd have to visit a malicious web page.

Also affects linux webp libraries, so patch your stuff and restart any
dynamically linked browsers/clients.

More information about the Roundtable mailing list