09 Oct WebP / Libwebp Vulnerability
Vulnerability in WebP and libwebp. **This is critical and should be reviewed by your management.**
WebP is an image format for web pages: it loads faster, is well supported by browsers, and delivers comparable quality at smaller file sizes. This is the most significant zero-day vulnerability since Log4j in late 2021, and its reach could be even wider.
Google Chrome, Apple's image-decoding frameworks (see CVE-2023-41064 below), Microsoft Teams, and many more software products are affected.
What you must do:
Install browser and application updates as soon as they are offered, and restart the application so the update takes effect. Do not open image files from untrusted sources in software that has not yet been patched. Note that the flaw is triggered when a vulnerable decoder parses the image, which happens as soon as a page or document displays it; right-clicking and choosing "Save a Copy", or saving the picture under a JPG or PNG name, does not change that. Even once your browser is patched, other installed software that embeds libwebp may still be vulnerable, so you are not yet in the clear.
How we are responding:
Our only option is to keep everything patched and updated, BUT some vendors have not yet released fixed versions of their software. Priority will be given to our Fully Managed clients first, then to our Hybrid clients.
There is currently no way for us to fully automate this, and there are still too many unknowns about which products bundle the affected library.
On Wednesday, September 27, 2023, it became public that the zero-day CVE-2023-4863, originally recorded as a Chrome-only bug and since reissued as CVE-2023-5129 against the widely used libwebp image library itself, is being actively exploited and affects every product that embeds that library.
This image format is supported by numerous platforms and by business software delivered both on premises and from the cloud.
That includes Chromium-based applications such as the Google Chrome and Microsoft Edge browsers, and Electron-based applications such as Microsoft Teams, which has already been patched.
The immediate impact on systems that we host or manage for clients is, in our opinion, minor because of our overall strategy of reducing Internet-exposed services and quick reaction to the installation of security updates.
We want to reassure clients that we continue to take the issue extremely seriously and will be applying mitigations or remedies as they become available, despite the fact that this is a constantly moving scenario.
The remainder of this email includes information on how we addressed the Webp/Libwebp vulnerability as well as a FAQ that customers may use to determine their level of risk.
CURRENT STATUS
We continue to examine our internal systems for vulnerable components.
We are also checking our clients' technology for exposure and will keep you updated on this.
We remain alert and prepared to act in order to:
- Validate our initial assessments.
- Monitor for new information about the range of affected technologies.
- Reassess exposure if required.
WHO OR WHAT IS VULNERABLE?
The WebP vulnerability may be the most significant critical vulnerability we have seen so far this year.
Attackers exploit a heap buffer overflow in libwebp, the decoding library behind the WebP image format. A successful exploit can let a remote attacker run code of their choosing on the affected system, for example to install a remote access trojan.
In plain English, an attacker may gain full remote access to your computer simply by getting it to display a malicious picture.
Where the vulnerable program fetches and decodes images on its own (a browser rendering a page, a chat client showing a preview), the exploit needs no action from the end user. No authentication is required, and the outcome can be a complete compromise of the system. Given how widely this standard software component is embedded, this is as bad as it gets.
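As an added example, not part of the original email or of the libwebp project, here is a small Python triage script that parses a WebP file's RIFF container and reports whether it carries a lossless (VP8L) bitstream or a lossless-coded alpha plane. Those are the inputs that reach libwebp's lossless decoder, where the overflow fixed in libwebp 1.3.2 sits. The sample files are constructed inline (valid headers only, no real pixel data), and the function names are ours.

```python
import struct


def _chunk(fourcc: bytes, payload: bytes) -> bytes:
    """RIFF chunk: FourCC, little-endian size, payload, pad byte if the size is odd."""
    pad = b"\x00" if len(payload) & 1 else b""
    return fourcc + struct.pack("<I", len(payload)) + payload + pad


def _webp(*chunks: bytes) -> bytes:
    """Wrap chunks in a RIFF/WEBP container with a correct overall size field."""
    body = b"WEBP" + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(body)) + body


# Constructed samples for this example (not real photos): only the headers are meaningful.
# VP8L header: 0x2f signature, then 14-bit width-1, 14-bit height-1, alpha bit, 3-bit version.
LOSSLESS_16x8 = _webp(_chunk(b"VP8L", bytes([0x2F]) + struct.pack("<I", 15 | (7 << 14)) + b"\x00" * 3))
# VP8 (lossy) key frame: 3-byte frame tag, start code 9d 01 2a, 16-bit width, 16-bit height.
_VP8_FRAME = bytes([0x10, 0x02, 0x00]) + b"\x9d\x01\x2a" + struct.pack("<HH", 16, 8) + b"\x00" * 4
LOSSY_16x8 = _webp(_chunk(b"VP8 ", _VP8_FRAME))
# Extended file: VP8X with the alpha flag (0x10), an ALPH chunk whose low two bits (compression = 1)
# mean the alpha plane is coded with the lossless decoder, then the lossy colour data.
EXTENDED_LOSSLESS_ALPHA = _webp(
    _chunk(b"VP8X", bytes([0x10, 0, 0, 0]) + (15).to_bytes(3, "little") + (7).to_bytes(3, "little")),
    _chunk(b"ALPH", bytes([0x01]) + b"\x00" * 3),
    _chunk(b"VP8 ", _VP8_FRAME),
)


def parse_webp(data: bytes) -> dict:
    """Walk the RIFF chunks of a WebP file; report chunk list, dimensions, and
    whether any part of the image is decoded by the lossless (VP8L) code path."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WEBP":
        raise ValueError("not a WebP file: missing RIFF/WEBP header")
    riff_size = struct.unpack_from("<I", data, 4)[0]
    if riff_size + 8 != len(data):
        raise ValueError(f"RIFF size {riff_size} does not match file length {len(data)}")
    info = {"chunks": [], "width": None, "height": None, "uses_vp8l": False}
    off = 12
    while off + 8 <= len(data):
        fourcc = data[off:off + 4].decode("ascii", "replace")
        size = struct.unpack_from("<I", data, off + 4)[0]
        payload = data[off + 8:off + 8 + size]
        if len(payload) != size:
            raise ValueError(f"chunk {fourcc!r} claims {size} bytes, only {len(payload)} remain")
        info["chunks"].append(fourcc)
        if fourcc == "VP8L":
            if size < 5 or payload[0] != 0x2F:
                raise ValueError("VP8L chunk lacks the 0x2f signature byte")
            bits = struct.unpack_from("<I", payload, 1)[0]
            info["width"], info["height"] = (bits & 0x3FFF) + 1, ((bits >> 14) & 0x3FFF) + 1
            info["uses_vp8l"] = True
        elif fourcc == "VP8 ":
            if size >= 10 and payload[3:6] == b"\x9d\x01\x2a":  # key-frame start code
                w, h = struct.unpack_from("<HH", payload, 6)
                info["width"], info["height"] = w & 0x3FFF, h & 0x3FFF
        elif fourcc == "VP8X" and size >= 10:
            info["width"] = int.from_bytes(payload[4:7], "little") + 1
            info["height"] = int.from_bytes(payload[7:10], "little") + 1
        elif fourcc == "ALPH" and size >= 1 and (payload[0] & 0x03) == 1:
            info["uses_vp8l"] = True  # alpha plane compressed with the lossless coder
        off += 8 + size + (size & 1)  # chunks are padded to an even length
    if not any(c in ("VP8 ", "VP8L") for c in info["chunks"]):
        raise ValueError("no image bitstream chunk found")
    return info


def triage(files: dict) -> list:
    """Names of files that exercise the lossless decoder (the path hardened in
    libwebp 1.3.2); malformed files are listed too, since they deserve a look."""
    hits = []
    for name, blob in files.items():
        try:
            if parse_webp(blob)["uses_vp8l"]:
                hits.append(name)
        except ValueError as err:
            hits.append(f"{name} (malformed: {err})")
    return hits


if __name__ == "__main__":
    samples = {"a.webp": LOSSLESS_16x8, "b.webp": LOSSY_16x8, "c.webp": EXTENDED_LOSSLESS_ALPHA}
    for name, blob in samples.items():
        print(name, parse_webp(blob))
    print("reach lossless decoder:", triage(samples))
```

This classifies attack surface, not maliciousness: a lossless image is not an exploit, and a lossy one is not proof of safety, since a browser decodes whichever kind the page serves. It is useful for sorting a mail-gateway quarantine or a download folder, but the only real fix remains a patched decoder in every application that embeds libwebp.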
SOS fast research results:
We have investigated this extensively internally and believe that this vulnerability will mainly be used to target larger firms. Building a working exploit takes a LOT of effort because the bug is so complex, so attackers are likely to focus on high-value targets. This is our assumption.
Q: Is there anything we need to do?
A: Some third-party systems used by your company may be affected. Please watch your email for vendor advisories and forward them to us as soon as you receive them. Also let us know if you notice any software that appears to be out of date.
SOME HELPFUL RESOURCES
- Google security advisory (AV23-584) – Canadian Centre for Cyber Security
- Google quietly corrects previously submitted disclosure for critical webp 0-day | Ars Technica
- CCCS AV21-626 Apache Security Advisory
- NVD – CVE-2023-4863 (nist.gov)
- NVD – CVE-2023-5129 (nist.gov)
- NVD – CVE-2023-41064 (nist.gov)
- Critical WebP bug: many apps, not just browsers, under threat (stackdiary.com)
- Google assigns new maximum rated CVE to libwebp bug exploited in attacks (bleepingcomputer.com)
Mailing Address Change:
Please send all mail correspondence to the following address and no longer to the Draper PO Box.
1098 W South Jordan Pkwy #106
South Jordan, UT 84095
For the latest cyber-attack reports, follow these links: