Err... all the UNIX versions of Chrome are vulnerable, too. And iOS and iPadOS both still uses a heck of a lot of FreeBSD kernel and libc, under the hood. -Adam
-----Original Message----- From: Roundtable roundtable-bounces@muug.ca On Behalf Of Alberto Abrao Sent: Wednesday, October 4, 2023 8:37 PM To: Continuation of Round Table discussion roundtable@muug.ca Subject: Re: [RndTbl] CVE-2023-41064
On 2023-10-04 20:16, Trevor Cordes wrote:
Fun.
https://www.tenable.com/blog/cve-2023-41064-cve-2023-4863-cve-2023-5129-faq-...
If you have an Apple device, it must be updated. If it's no longer supported/updated, throw it away.
I am pretty sure that one was taken care of during the last round of updates for iOS 16, if anyone's using that and won't (or can't) upgrade to the newest one.
Anyone can send you a text or imessage (whatever that is) with a crafted webp image and p0wn your whole device: no clicks or user interaction required.
Same bug in Chrome: update your Chrome. If you cannot on that device (i.e. Win7) then throw it away or find a new OS/browser. But at least you'd have to visit a malicious web page.
Win7? Aren't we all running *nix here? I am shocked.... :)