Why You Need To Patch More Than Your Browser For WebP Vulnerabilities Now! [YouTube Release]

Time Stamps
00:00 - CVE-2023-4863 Critical libwebp Vulnerability Under Active Exploitation
01:37 - Actual Attack Surface
03:00 - Browser Version Updates
05:00 - Qt And The Many Applications That Embed WebP
07:17 - How Bad Is Windows 7?

Reddit post on the topic with lots of discussion

https://www.reddit.com/r/sysadmin/comments/16teato/ah_f_cvss_100_dropped_absolute_meltdown_incoming/

NinjaOne did a nice write-up listing the vulnerable applications, but I want to make something clear: while many applications may contain the libraries because they were part of a larger bundle of code that came with the framework on which the application was built, if they do not have a way to process or interact with WebP files then there is not a path that would lead to exploitation.

Uggg! I haven’t seen an emergency Microsoft patch; have they dealt with this yet? Or are we going to need to wait until exploit Wednesday (day after patch Tuesday), which is still two weeks away?

Any idea if Adobe checked and hopefully fixed this in Creative Cloud? If CC wasn’t vulnerable I’d be incredibly surprised. As you mentioned, I think any old version of Resolve Suite for Windows and Mac is going to be at risk. (edit) In May of 2023 Adobe released WebP of Photoshop, and VP8/VP9 codecs have been in Premiere for a while. Not on the list from NinjaOne, but that list will be an ever-increasing list until everyone is patched.

As I said above, not everything is going to have a path: