Brave 1.57.47 for mac download

1/8/2024

But the effort to get rid of it or mitigate it is vastly less than log4shell (unless you aren't a java shop then log4shell didn't affect you).

Early last week, Google released a new stable update for Chrome. To be clear: this libwebp-vulnerability is the serious, "needs to be patched immediately, unlimited overtime for everybody" kind of vulnerability. It was a full-blown RCE with bonus "can affect systems way beyond your perimeter" and "every java application is suspect until proven clean". You can even prioritize your internet-facing applications. Server-side it's much easier to enumerate if you're vulnerable: if you don't handle images, you're fine.

So either you have a tight grip on updates and push them to your users, or you don't have a tight grip and auto-update takes care of it.

The client-side should be a non-issue (all the major networks have released updates and they have robust auto-update functionality). That's why I said client-side or server-side that handles image conversion (or thumbnail generation). Thousands of applications use that stuff. Webp lib is in everything that interacts with videos or parses them. Exploit-code would need to target IOS to get RCE on IOS; that same file would not lead to an execution on Windows X64 (and vice-versa). This is cross platform.

From what I see it's a C library that compiles to the different platforms.