More background info... https://securityboulevard.com/2023/09/patch-everything-widely-used-webp-code... I didn't realize WebP had been around since 2010. Yikes, that's a long time for a vulnerability to be hanging around, patiently waiting to be adopted by us trusting souls! And, coincidentally... https://www.malwarebytes.com/blog/news/2023/09/pegasus-spyware-and-how-it-ex... ... the company behind Pegasus has also been around since 2010. Not going into conspiracy theory, but it does mean there has been a long window of vulnerability to be potentially exploited here, by very motivated (and well-funded) bad actors. Gilbert On 2023-10-05 10:48 a.m., Gilbert Detillieux wrote:
On 2023-10-04 8:16 p.m., Trevor Cordes wrote:
Fun.
https://www.tenable.com/blog/cve-2023-41064-cve-2023-4863-cve-2023-5129-faq-...
If you have an Apple device, it must be updated. If it's no longer supported/updated, throw it away.
See also...
https://www.bleepingcomputer.com/news/security/google-assigns-new-maximum-ra... https://www.bleepingcomputer.com/news/security/apple-backports-blastpass-zer... ...
-- Gilbert Detillieux E-mail: Gilbert.Detillieux@umanitoba.ca Computer Science Web: http://www.cs.umanitoba.ca/~gedetil/ University of Manitoba Phone: 204-474-8161 Winnipeg MB CANADA R3T 2N2 For best CS dept. service, contact <cs-support@lists.umanitoba.ca>.