all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

A Vulnerability to Hack The World - CVE-2023-4863

Add to bookmarks
Dec. 21, 2023, 3:58 p.m. | LiveOverflow

LiveOverflow www.youtube.com

Citizenlab discovered BLASTPASS, a 0day being actively exploited in the image format WebP. Known as CVE-2023-4863 and CVE-2023-41064, an issue in webp's build huffman table function can lead to a heap buffer overflow. This vulnerability is very interesting and I'm excited to share with you what I learned.

Want to learn hacking? Signup to https://hextree.io (ad)
Buy my shitty font: https://shop.liveoverflow.com/ (ad)

WebP Fix Commit: https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a
Citizenlab: https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
Ben Hawkes: https://blog.isosceles.com/the-webp-0day/

Software Updates
Apple https://support.apple.com/en-gb/106361
Chrome https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
Firefox https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
Android …

0day actively exploited blastpass buffer buffer overflow build citizenlab cve cve-2023-41064 cve-2023-4863 exploited function hack heap buffer overflow image issue overflow share software software updates thanks updates vulnerability webp world

Visit resource

More from www.youtube.com / LiveOverflow

Finding The .webp Vulnerability in 8s (Fuzzing with AFL++) 3 months ago | www.youtube.com
afl cve cve-2023-4863 fuzzing +9
A Vulnerability to Hack The World - CVE-2023-4863 4 months ago | www.youtube.com
0day actively exploited blastpass buffer +21
Reinventing Web Security 5 months, 1 week ago | www.youtube.com
access clear database down +13
The Circle of Unfixable Security Issues 6 months, 1 week ago | www.youtube.com
bounty bug bug bounty bugs +12
Binary Exploitation vs. Web Security 6 months, 3 weeks ago | www.youtube.com
social support
Hacker Tweets Explained 7 months, 1 week ago | www.youtube.com
context explained hacker justin +6
Zenbleed (CVE-2023-20593) 7 months, 4 weeks ago | www.youtube.com
amd amp asm assembly +18
The Discovery of Zenbleed ft. Tavis Ormandy 8 months, 1 week ago | www.youtube.com
bugs concept cpu cpus +16
Asking Android Developers About Security 8 months, 3 weeks ago | www.youtube.com
android android developers android security asking +7

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Security Officer Hospital Laguna Beach

@ Allied Universal | Laguna Beach, CA, United States
View on infosec-jobs.com

Sr. Cloud DevSecOps Engineer

@ Oracle | NOIDA, UTTAR PRADESH, India
View on infosec-jobs.com

Cloud Operations Security Engineer

@ Elekta | Crawley - Cornerstone
View on infosec-jobs.com

Cybersecurity – Senior Information System Security Manager (ISSM)

@ Boeing | USA - Seal Beach, CA
View on infosec-jobs.com

Engineering -- Tech Risk -- Security Architecture -- VP -- Dallas

@ Goldman Sachs | Dallas, Texas, United States
View on infosec-jobs.com
View more jobs