Warning of Zero Day Exploit: WebP vulnerability affects numerous applications


Reading time: minutes ( words)
warning of Zero Day Exploit: WebP vulnerability affects numerous applications

Warning of Zero Day Exploit: WebP vulnerability affects numerous applications

Highly critical vulnerability discovered in WebP graphics format
WebP is an open-source image format developed by Google that results in smaller file sizes with fewer visual artefacts. It is used by a wide range of applications. The zero-day vulnerability that has now been discovered therefore has serious implications, the extent of which is currently difficult to assess.

Originally, this vulnerability was only identified for Google Chrome, but already a short time later this classification was revised: Google marked the old vulnerability (CVE-2023-4863) as critical and applied for the new entry (CVE-2023-5129), with a CVSS score of 10. In addition, the old entry was updated to indicate that the entire libwebp library, which is used by many applications, is affected.

What exactly does the exploit look like?
The extent and exact nature of a potential attack are currently uncertain. It is suspected that manipulated WebP graphics on appropriately prepared HTML websites pose great danger. In the worst case, a visit to such a website is sufficient to have malicious code delivered.

These applications and systems are affected
The vulnerable applications include browsers such as Edge and Firefox, Linux distributions (e.g. Debian and Ubuntu) and other software such as LibreOffice, Slack and Signal Desktop. Of particular note, many applications that rely on the Electron framework are also affected. A list of vulnerable Electron apps is currently being compiled on Github.

It can be assumed that many manufacturers are currently checking their use of the WebP graphics format and investigating whether they are acutely affected. The list can therefore only be a snapshot.

Protective measures and updates for users
The list of vulnerable applications is extensive and hardly any security updates are available yet! Users should therefore check for updates and install them as soon as possible. Security patches for Firefox (https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/), Thunderbird, Chrome (https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?ref=blog.isosceles.com), Apple iOS and Tails are available.

Possible connection to the BLASTPASS attack and NSO Group
A researcher makes a connection between the WebP vulnerability and the so-called BLASTPASS attacks on Apple systems by the NSO Group. However, no further details on this connection are currently available.

Recommendation for action - absolutely patch!:
We recommend that IT security managers immediately apply the patches known and provided to date. In the MVSP environment (vulnerability management), the first test patterns already exist and are being actively evaluated and tested by our cyber security analysts.
Our customers with an active managed service contract for ACD are of course informed about malicious communication on their systems.

By clicking on the "Submit" button, you confirm that you have read our privacy policy. You give your consent to the use of your personal data for the purpose of contacting you by Allgeier secion, Zweigniederlassung der Allgeier CyRis GmbH.

* Mandatory field

Go back