1/22/2024 0 Comments Everwing hack chrome storeRather than Apple, Google, and Citizen Lab coordinating and accurately reporting the common origin of the vulnerability, they chose to use a separate CVE designation, the researchers said. On Thursday, researchers from security firm Rezillion published evidence that they said made it “highly likely” both indeed stemmed from the same bug, specifically in libwebp, the code library that apps, operating systems, and other code libraries incorporate to process WebP images. Google said that the vulnerability, designated as CVE-2023-4863, was reported by the Apple Security Engineering and Architecture team and Citizen Lab.įurther Reading With 0-days hitting Chrome, iOS, and dozens more this month, is no software safe?Speculation, including from me, quickly arose that a large number of similarities strongly suggested that the underlying bug for both vulnerabilities was the same. Google went on to warn that an exploit for the vulnerability existed in the wild. The company said the vulnerability was what’s known as a heap buffer overflow that was present in WebP. Apple credited the discovery of the zero-day to Citizen Lab, a research group at the University of Toronto’s Munk School that follows attacks by nation-states targeting dissidents and other at-risk groups.įour days later, Google reported a critical vulnerability in its Chrome browser. “Huge blindspot”Īpple said the vulnerability, tracked as CVE-2023-41064, stemmed from a buffer overflow bug in ImageIO, a proprietary framework that allows applications to read and write most image file formats, which include one known as WebP. Simply receiving a call or text on an iPhone was enough to become infected by the Pegasus, which is among the world’s most advanced pieces of known malware. The attacks used a zero-click method, meaning they required no interaction on the part of targets. Two weeks ago, Apple reported that threat actors were actively exploiting a critical vulnerability in iOS so they could install espionage spyware known as Pegasus. Incomplete information included in recent disclosures by Apple and Google reporting critical zero-day vulnerabilities under active exploitation in their products has created a “huge blindspot” that’s causing a large number of offerings from other developers to go unpatched, researchers said Thursday.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |