More background info...
https://securityboulevard.com/2023/09/patch-everything-widely-used-webp-code...
I didn't realize WebP had been around since 2010. Yikes, that's a long time for a vulnerability to be hanging around, patiently waiting to be adopted by us trusting souls!
And, coincidentally...
https://www.malwarebytes.com/blog/news/2023/09/pegasus-spyware-and-how-it-ex...
... the company behind Pegasus has also been around since 2010. Not going into conspiracy theory, but it does mean there has been a long window of vulnerability to be potentially exploited here, by very motivated (and well-funded) bad actors.
Gilbert
On 2023-10-05 10:48 a.m., Gilbert Detillieux wrote:
On 2023-10-04 8:16 p.m., Trevor Cordes wrote:
Fun.
https://www.tenable.com/blog/cve-2023-41064-cve-2023-4863-cve-2023-5129-faq-...
If you have an Apple device, it must be updated. If it's no longer supported/updated, throw it away.
See also...
https://www.bleepingcomputer.com/news/security/google-assigns-new-maximum-ra...
https://www.bleepingcomputer.com/news/security/apple-backports-blastpass-zer...
...