Post AaGijiWFuHctWWzepk by k3ym0@infosec.exchange
(DIR) More posts by k3ym0@infosec.exchange
(DIR) Post #AaGhYvURF3cwc0QywK by sullybiker@sully.site
2023-09-29T19:01:53Z
0 likes, 1 repeats
CVE-2023-1529 no telling how serious this one actually is, but there's a lot of patches out there, so update your shit #infosec
(DIR) Post #AaGhoAWDeDYPZBXFPk by k3ym0@infosec.exchange
2023-09-29T19:04:37Z
0 likes, 0 repeats
@sullybiker Looks like this is from April and has been patched for some time?
(DIR) Post #AaGhqfa97rnGUFZ4YS by sullybiker@sully.site
2023-09-29T19:05:04Z
0 likes, 0 repeats
@k3ym0 Shit did I typo it, hold on
(DIR) Post #AaGhxJYdPVO6Cs1gOm by sullybiker@sully.site
2023-09-29T19:06:16Z
0 likes, 0 repeats
@k3ym0 libwebp vulnerability?
(DIR) Post #AaGiA9kXBhsLYHiQSW by k3ym0@infosec.exchange
2023-09-29T19:08:34Z
0 likes, 0 repeats
@sullybiker uhhh when i look up that CVE it's showing as a Chrome vuln:https://nvd.nist.gov/vuln/detail/CVE-2023-1529
(DIR) Post #AaGiClEuluqAP8ASfI by sullybiker@sully.site
2023-09-29T19:09:06Z
0 likes, 0 repeats
@k3ym0 That's part of it - full story is here: https://www.tenable.com/blog/cve-2023-41064-cve-2023-4863-cve-2023-5129-faq-imageio-webp-zero-days
(DIR) Post #AaGijiWFuHctWWzepk by k3ym0@infosec.exchange
2023-09-29T19:15:01Z
0 likes, 0 repeats
@sullybiker ooooof. yeah this looks nasty. WebP is used everywhere...
(DIR) Post #AaGj1pb2KhiYgYrphI by sullybiker@sully.site
2023-09-29T19:18:19Z
0 likes, 0 repeats
@k3ym0 A lot of the big stuff has been fixed for a few days, but things like Electron-based apps it's less clear. Hard to find out the safe versions. At least they're working on it!
(DIR) Post #AaGoUjp3NXtOwl1ik4 by mkj@social.linux.pizza
2023-09-29T20:19:31Z
0 likes, 0 repeats
@sullybiker https://arstechnica.com/security/2023/09/google-quietly-corrects-previously-submitted-disclosure-for-critical-webp-0-day/ has versions for Electron at the bottom.