[RndTbl] CVE-2023-41064
Adam Thompson
athompso at athompso.net
Wed Oct 4 20:57:22 CDT 2023
Err... all the UNIX versions of Chrome are vulnerable, too. And iOS and iPadOS both still use a heck of a lot of FreeBSD kernel and libc, under the hood.
-Adam
-----Original Message-----
From: Roundtable <roundtable-bounces at muug.ca> On Behalf Of Alberto Abrao
Sent: Wednesday, October 4, 2023 8:37 PM
To: Continuation of Round Table discussion <roundtable at muug.ca>
Subject: Re: [RndTbl] CVE-2023-41064
On 2023-10-04 20:16, Trevor Cordes wrote:
> Fun.
>
> https://www.tenable.com/blog/cve-2023-41064-cve-2023-4863-cve-2023-5129-faq-imageio-webp-zero-days
>
> If you have an Apple device, it must be updated. If it's no longer
> supported/updated, throw it away.

I am pretty sure that one was taken care of during the last round of
updates for iOS 16, if anyone's using that and won't (or can't) upgrade
to the newest one.

> Anyone can send you a text or imessage (whatever that is) with a crafted
> webp image and p0wn your whole device: no clicks or user interaction
> required.
>
> Same bug in Chrome: update your Chrome. If you cannot on that device
> (i.e. Win7) then throw it away or find a new OS/browser. But at least
> you'd have to visit a malicious web page.

Win7? Aren't we all running *nix here? I am shocked.... :)

--
Kind regards,
Alberto Abrao
_______________________________________________
Roundtable mailing list
Roundtable at muug.ca
https://muug.ca/mailman/listinfo/roundtable