5 Oct
2023
5 Oct
'23
1:16 a.m.
Fun.
https://www.tenable.com/blog/cve-2023-41064-cve-2023-4863-cve-2023-5129-faq-...
If you have an Apple device, it must be updated. If it's no longer supported/updated, throw it away.
Anyone can send you a text or imessage (whatever that is) with a crafted webp image and p0wn your whole device: no clicks or user interaction required.
Same bug in Chrome: update your Chrome. If you cannot on that device (i.e. Win7) then throw it away or find a new OS/browser. But at least you'd have to visit a malicious web page.
Also affects linux webp libraries, so patch your stuff and restart any dynamically linked browsers/clients.