Critical CVIS 10-rated Zero-day Webp vulnerability wildly exploited. Reassigned to CVE-2023-5129.

Google’s libwebp based zero-day vulnerability is now reassigned to CVE 2023-5129. It is wildly exploited. Attackers are using webp images to transmit malicious codes to extract sensitive information from their victims. 
Google released a security fix for a critical vulnerability that affected Google Chrome for Windows, macOS, and Linux. The vulnerability was given the CVE ID as CVE-2023-4863 and has been given a severity of 8.8 (High).


On analyzing the vulnerability, it was discovered that a heap buffer overflow vulnerability existed in the libwebp library that a threat actor can exploit to perform out-of-bounds memory write via a crafted HTML page. However, this vulnerability was resubmitted by Google, which is now tracked as CVE-2023-5129. It was later found that CVE-2023-41064 and this vulnerability were similar and affected the same libwebp library.  

Threat actors exploited this particular library during the BLASTPASS exploit chain attack for deploying the NSO’s Pegasus Spyware. Though both of these vulnerabilities had different CVE IDs and were released by different vendors, they both affect the same library. 

More details for visit our website: https://sharkstriker.com/blog/critical-cvis-10-rated-zero-day-webp-vulnerability-wildly-exploited-reassigned-to-cve-2023-5129/

Comments

Post a Comment

Popular posts from this blog

SharkStriker | Your threat striking company

Due to the emergence of high bandwidth, low latency 5G internet, there is a significant amount of increase in devices that are helping businesses across the globe transform. But this increase in devices is also one of the fundamental attack surfaces for cyber criminals who are looking for an open-door entry into their network. This new entry of devices into the organizational network has presented a business risk for organizations worldwide with a wide range of endpoints being vulnerable to threats.  According to a Ponemon Institute report, over 68% of organizations have experienced more than one attack which has led to them facing a huge data loss and compromise of their IT infrastructure. Therefore, in today’s world, it has become imperative for organizations to step up their cybersecurity ball game in order to proactively be prepared against such cyber threats and criminals. Before we delve into endpoint security it is important to know what endpoints are and how security has evolve
Read more

Top 10 most common types of cyber attacks.

Image
  We have seen some of the common cyber attacks that are affecting businesses worldwide. We have also explored what cyberattacks are and how they can differ depending on the cyberattacker and their motivations and intentions. What is a cyber attack and how it works? A cyber attack is an attempt to intentionally steal, alter or destroy data sensitive to a business. It’s carried out with an intention that can either be monetary or political. It can also be for a cause. Many cyber attackers are hacktivists who do cyber attacks to raise awareness for societal or political reasons. The nature and gravity of a cyber attack is dependent on the nature and cause of a cyber attacker. For example, while some cyber criminals may spend a lot of time on an attack targeting a big business, others may spend considerably less time targeting a small business. Others may target government or social institutions for the cause of political agenda or social or environmental cause. Now let us explore some of
Read more

Top 10 cybersecurity risks and threats for the banking sector in 2024

Image
  Learn about some of the potential cyber risks and threats that the banking sector may face in 2024 The banking sector faces inherent vulnerabilities to cyber-attacks driven by its heavy reliance on interconnected digital infrastructure and the storage of highly sensitive financial and personal information. Pointing to one key vulnerability is the prevalence of outdated legacy systems still in use, which may lack the latest security features and updates. These systems often have vulnerabilities that cybercriminals can exploit. Moreover, the extensive sharing of financial data among institutions and third-party service providers increases the attack surface. Human factors contribute significantly to the sector's vulnerability, with phishing attacks and social engineering exploiting individuals' unsuspecting behavior. Inadequate cybersecurity awareness and training make employees more susceptible to manipulation. Additionally, the rapid adoption of new technologies, such as mob
Read more