#libvpx — Public Fediverse posts

Patch Tuesday, October 2023 Edition

https://krebsonsecurity.com/2023/10/patch-tuesday-october-2023-edition/

#PatchTuesdayOctober2023 #RapidResetAttack #SkypeforBusiness #CVE-2023-35349 #CVE-2023-36563 #CVE-2023-36778 #CVE-2023-41763 #CVE-2023-44487 #DamianMenscher #SecurityTools #ImmersiveLabs #iPadOS17.0.3 #NatalieSilva #TimetoPatch #AdamBarnett #CloudFlare #iOS17.0.3 #microsoft #windows #Wordpad #Amazon #google #libvpx #Rapid7 #apple

Patch Tuesday, October 2023 Edition

https://krebsonsecurity.com/2023/10/patch-tuesday-october-2023-edition/

#PatchTuesdayOctober2023 #RapidResetAttack #SkypeforBusiness #CVE-2023-35349 #CVE-2023-36563 #CVE-2023-36778 #CVE-2023-41763 #CVE-2023-44487 #DamianMenscher #SecurityTools #ImmersiveLabs #iPadOS17.0.3 #NatalieSilva #TimetoPatch #AdamBarnett #CloudFlare #iOS17.0.3 #microsoft #windows #Wordpad #Amazon #google #libvpx #Rapid7 #apple

Patch Tuesday, October 2023 Edition

https://krebsonsecurity.com/2023/10/patch-tuesday-october-2023-edition/

#PatchTuesdayOctober2023 #RapidResetAttack #SkypeforBusiness #CVE-2023-35349 #CVE-2023-36563 #CVE-2023-36778 #CVE-2023-41763 #CVE-2023-44487 #DamianMenscher #SecurityTools #ImmersiveLabs #iPadOS17.0.3 #NatalieSilva #TimetoPatch #AdamBarnett #CloudFlare #iOS17.0.3 #microsoft #windows #Wordpad #Amazon #google #libvpx #Rapid7 #apple

Patch Tuesday, October 2023 Edition https://krebsonsecurity.com/2023/10/patch-tuesday-october-2023-edition/ #PatchTuesdayOctober2023 #RapidResetAttack #SkypeforBusiness #CVE-2023-35349 #CVE-2023-36563 #CVE-2023-36778 #CVE-2023-41763 #CVE-2023-44487 #DamianMenscher #SecurityTools #ImmersiveLabs #iPadOS17.0.3 #NatalieSilva #TimetoPatch #AdamBarnett #CloudFlare #iOS17.0.3 #microsoft #windows #Wordpad #Amazon #google #libvpx #Rapid7 #apple

Patch Tuesday, October 2023 Edition https://krebsonsecurity.com/2023/10/patch-tuesday-october-2023-edition/ #PatchTuesdayOctober2023 #RapidResetAttack #SkypeforBusiness #CVE-2023-35349 #CVE-2023-36563 #CVE-2023-36778 #CVE-2023-41763 #CVE-2023-44487 #DamianMenscher #SecurityTools #ImmersiveLabs #iPadOS17.0.3 #NatalieSilva #TimetoPatch #AdamBarnett #CloudFlare #iOS17.0.3 #microsoft #windows #Wordpad #Amazon #google #libvpx #Rapid7 #apple

Patch Tuesday, October 2023 Edition https://krebsonsecurity.com/2023/10/patch-tuesday-october-2023-edition/ #PatchTuesdayOctober2023 #RapidResetAttack #SkypeforBusiness #CVE-2023-35349 #CVE-2023-36563 #CVE-2023-36778 #CVE-2023-41763 #CVE-2023-44487 #DamianMenscher #SecurityTools #ImmersiveLabs #iPadOS17.0.3 #NatalieSilva #TimetoPatch #AdamBarnett #CloudFlare #iOS17.0.3 #microsoft #windows #Wordpad #Amazon #google #libvpx #Rapid7 #apple

Patch Tuesday, October 2023 Edition https://krebsonsecurity.com/2023/10/patch-tuesday-october-2023-edition/ #PatchTuesdayOctober2023 #RapidResetAttack #SkypeforBusiness #CVE-2023-35349 #CVE-2023-36563 #CVE-2023-36778 #CVE-2023-41763 #CVE-2023-44487 #DamianMenscher #SecurityTools #ImmersiveLabs #iPadOS17.0.3 #NatalieSilva #TimetoPatch #AdamBarnett #CloudFlare #iOS17.0.3 #microsoft #windows #Wordpad #Amazon #google #libvpx #Rapid7 #apple

Patch Tuesday, October 2023 Edition https://krebsonsecurity.com/2023/10/patch-tuesday-october-2023-edition/ #PatchTuesdayOctober2023 #RapidResetAttack #SkypeforBusiness #CVE-2023-35349 #CVE-2023-36563 #CVE-2023-36778 #CVE-2023-41763 #CVE-2023-44487 #DamianMenscher #SecurityTools #ImmersiveLabs #iPadOS17.0.3 #NatalieSilva #TimetoPatch #AdamBarnett #CloudFlare #iOS17.0.3 #microsoft #windows #Wordpad #Amazon #google #libvpx #Rapid7 #apple

Woohoo, another day, another #0day like the #libwebp one, this time in #libvpx: https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/

Let the purge / patch crunch begin!

VP8-Videokodierung: Zero-Day-Schwachstelle betrifft weit mehr als nur Chrome https://www.computerbase.de/2023-09/vp8-videokodierung-zero-day-schwachstelle-betrifft-weit-mehr-als-nur-chrome/ #VP8 #Google #Chrome #Schwachstelle #libvpx

#CyberVeille #libwebp #libvpx

🗒️ petit résumé / annotations surs les deux vulnérabilités basés sur les denières information disponibles au 29.09

"CVE-2023-5217 [ ndr 𝐥𝐢𝐛𝐯𝐩𝐱 ] requires a targeted device to create media in the VP8 format.

CVE-2023-4863 [ndr 𝐖𝐞𝐛𝐏 / 𝐥𝐢𝐛𝐰𝐞𝐛𝐏 ] could be exploited when a targeted device simply displayed a booby-trapped image."
👇
https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/

CVE-2023-5129 ➡️ Retirée par Mitre Duplicata CVE-2023-4863
👇
https://www.cve.org/CVERecord?id=CVE-2023-5129

------------------------

liste utile pour (merci @mttaggart ) suivi CVE-2023-4863 dans apps Electron
👇
https://docs.google.com/spreadsheets/d/1QLLFYCO0FMAu1ob6mnYCapW8dnx-HXunbf_zc9QLXlM/edit#gid=1774064991

FAQ CVE-2023-4863 par Tenable
👇
https://www.tenable.com/blog/cve-2023-41064-cve-2023-4863-cve-2023-5129-faq-imageio-webp-zero-days

------------------------

Annonce CVE-2023-5217
👇
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html

New 0-day in Chrome and Firefox will likely plague other software - Enlarge (credit: Getty Images)

A critical zero-day vulnerabili... - https://arstechnica.com/?p=1972043 #security #zero-day #exploit #firefox #libwebp #biz⁢ #chrome #libvpx

Maybe relying on one company's browser product for your entire computer is not a good idea.

#libWebP #libVPX #Electron

*Sigh*, another one of these:

"CVE-2023-5217: Heap buffer overflow in vp8 encoding in #libvpx."
"Google is aware that an exploit for CVE-2023-5217 exists in the wild."

Note that because it's in an underlying (video codec) library, it's probably going to be an issue in every browser and video player and electron app; just like the prior #libwebp #security bug.