Google has urgently released a patch to fix a zero-day vulnerability in its Chrome browser after it was exploited by a commercial spyware vendor. The vulnerability, known as CVE-2023-5217, was reported to Google’s Threat Analysis Group (TAG) by Clement Lecigne just prior to the patch being released. The vulnerability is described as a “heap buffer overflow in vp8 encoding in libvpx”.

Google has acknowledged that the exploit exists in the wild, but has not provided any further details about the attacks that have occurred. TAG researcher Maddie Stone revealed that the Chrome vulnerability had been exploited to install spyware. The vulnerability has been fixed in the latest version of Google Chrome, 1.132, and is being rolled out to Windows, Mac, and Linux users in the Stable Desktop channel.

This emergency patch comes shortly after Google fixed another zero-day vulnerability that was discovered by Apple’s Security Engineering and Architecture team, and Citizen Lab, a digital rights organization. It should be noted that this particular vulnerability was previously misidentified as a Chrome vulnerability, but has since been reassigned to the open-source libwebp library. This library is used by various popular apps such as 1Password, Firefox, Microsoft Edge, Safari, and Signal.

The severity of this vulnerability has been rated as 10/10, and it has been linked to the zero-click iMessage exploit chain known as BLASTPASS, which was used by the NSO Group to deploy their Pegasus spyware on compromised iPhones. Citizen Lab’s Bill Marczak confirmed that the BLASTPASS exploit was used against a member of a civil society organization in Washington, D.C.