On 2023-10-04 20:16, Trevor Cordes wrote:
Fun.
https://www.tenable.com/blog/cve-2023-41064-cve-2023-4863-cve-2023-5129-faq-...
If you have an Apple device, it must be updated. If it's no longer supported/updated, throw it away.
I am pretty sure that one was taken care of during the last round of updates for iOS 16, if anyone's using that and won't (or can't) upgrade to the newest one.
Anyone can send you a text or imessage (whatever that is) with a crafted webp image and p0wn your whole device: no clicks or user interaction required.
Same bug in Chrome: update your Chrome. If you cannot on that device (i.e. Win7) then throw it away or find a new OS/browser. But at least you'd have to visit a malicious web page.
Win7? Aren't we all running *nix here? I am shocked.... :)