ConnectSecure Helps MSPs Address Critical WebP Vulnerability
ConnectSecure now scans and identifies CVE-2023-4863, a critical vulnerability affecting the libwebp library with potentially severe implications for multiple applications, browsers, and operating systems. Disclosed the other week, the vulnerability is considered to be on par with Log4j; in other words, far more serious and widespread than originally thought. (more details below)
“We are working diligently to help MSPs identify and patch applications associated with this critical zero-day vulnerability,” says Peter Bellini, CEO of ConnectSecure. “The team put in a quick solution and we’re actively expanding our scanning for more impacted software.”
The Uncovering of CVE-2023-4863 in ‘libwebp’
Two weeks ago, Google issued a security advisory for a critical vulnerability in the libwebp library, which is used to render WebP images. Initially disclosed as affecting only Chrome, the advisory proved to be too limited. As other major browsers began issuing notices, it became clear the impact was far-reaching: any code that uses the libwebp library is affected, which means millions of applications are now at risk.
Massive Attack Surface
Cybersecurity experts noted that the vulnerable library was found in several popular container images’ latest versions, collectively downloaded and deployed billions of times, such as Nginx, Python, Joomla, WordPress, Node.js, and more.
This heap buffer overflow vulnerability, tracked as CVE-2023-4863, allows attackers to execute malicious code when a user views a booby-trapped WebP image. To reflect the critical nature of this vulnerability, Google revised the designation to CVE-2023-5129 and assigned it the highest CVSS severity rating of 10 out of 10. (Side note: this CVE ID has since been rejected or withdrawn by its CVE Numbering Authority because it duplicates CVE-2023-4863.)
More Discoveries and Warnings
Further complicating the situation, the vulnerability was independently discovered by both the Citizen Lab and Apple's Security Engineering and Architecture (SEAR) team. The Cybersecurity and Infrastructure Security Agency (CISA) also issued warnings about active exploitation by undisclosed threat actors, showing the immediate risk posed by this vulnerability.
Notably, critics say the miscommunication between Google and Apple during the early stages of addressing the vulnerability gave threat actors more time and created a “huge blind spot” for zero-day hunters. Both companies initially understood the vulnerability to affect different products, despite both using the libwebp library.
Link to Pegasus Software
Additionally, researchers identified a connection between this vulnerability and another, CVE-2023-41064, which had been previously exploited by threat actors as part of the BLASTPASS exploit chain. This chain was used to deploy the NSO Group’s Pegasus spyware on targeted mobile devices, further elevating the significance and potential consequences of the libwebp library vulnerability.
ConnectSecure Responds to WebP Vulnerability
In response, ConnectSecure immediately mobilized resources to promptly identify and patch applications associated with this vulnerability. Our team is vigorously testing and deploying patches for a wide range of applications and platforms.
Specifically, patches are tested for:
- Google Chrome – Mac and Linux 116.0.5845.187 and Windows 116.0.5845.187/.188.
- Mozilla – Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2
- Brave Browser – version 1.57.64 (Chromium: 116.0.5845.188) [Android, iOS, Linux & Mac].
- Microsoft Edge – versions 109.0.1518.140, 116.0.1938.81, and 117.0.2045.31.
- Tor Browser – version 12.5.4.
- Opera – version 102.0.4880.46.
- Vivaldi – version 6.2.3105.47.
- NixOS – Nix package manager.
- Tails Project
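As an added example (not ConnectSecure's tooling), a small Python checker that reads an asset inventory and reports browsers still below the patched builds listed above. It assumes those builds are the minimum fixed version for each release branch (the post only says patches were tested for them), and the inventory rows are constructed.

```python
# Added example, not ConnectSecure's tooling: flag browser installs below the
# patched builds listed above for CVE-2023-4863. Treating those builds as the
# minimum fixed version per release branch (keyed by major) is an assumption.
from typing import Dict, List, Tuple
FIXED: Dict[str, List[str]] = {   # product -> patched build per release branch
    "chrome": ["116.0.5845.187"],
    "firefox": ["117.0.1", "115.2.1", "102.15.1"],
    "thunderbird": ["102.15.1", "115.2.2"],
    "brave": ["1.57.64"],
    "edge": ["109.0.1518.140", "116.0.1938.81", "117.0.2045.31"],
    "tor": ["12.5.4"],
    "opera": ["102.0.4880.46"],
    "vivaldi": ["6.2.3105.47"],
}

def parse_version(text: str) -> Tuple[int, ...]:
    """'116.0.5845.187' -> (116, 0, 5845, 187); stops at the first non-numeric field."""
    parts: List[int] = []
    for piece in text.strip().split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts)

def is_patched(product: str, installed: str) -> bool:
    """Compare against the fix for the installed build's own release branch.
    Branch = same major (Firefox ESR 102/115 vs 117; Edge 109/116/117). A major
    newer than every listed branch is assumed fixed; a major matching no branch
    and older than the newest one (e.g. Firefox 116) is reported unpatched."""
    branches = [parse_version(v) for v in FIXED[product.lower()]]
    have = parse_version(installed)
    same_major = [b for b in branches if b[0] == have[0]]
    if same_major:
        return have >= min(same_major)
    return have[0] > max(b[0] for b in branches)

def find_unpatched(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Hosts whose (host, product, version) entry is still below the fixed build."""
    return [host for host, product, version in inventory
            if product.lower() in FIXED and not is_patched(product, version)]

# Constructed sample inventory in the shape of an MSP asset export.
SAMPLE_INVENTORY = [
    ("ws-01", "chrome", "116.0.5845.180"),  # below .187 -> unpatched
    ("ws-02", "chrome", "116.0.5845.188"),  # Windows .188 build -> patched
    ("ws-03", "firefox", "116.0.3"),        # no fixed 116 branch -> unpatched
    ("ws-04", "edge", "116.0.1938.76"),     # below 116.0.1938.81 -> unpatched
]
```

Products not in the table (NixOS, Tails, or the applications listed further down) are skipped rather than guessed at; extend `FIXED` only with versions you have confirmed.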
We are also undertaking comprehensive scanning for potential vulnerabilities across a diverse range of applications, including CrashPlan, Cryptocat (discontinued), Discord, Eclipse Theia, FreeTube, GitHub Desktop, GitKraken, Joplin, Keybase, Lbry, Light Table, Logitech Options+, LosslessCut, Mattermost, Microsoft Teams, MongoDB Compass, Mullvad, Notion, Obsidian, QQ (for macOS), Quasar Framework, Shift, Signal, Skype, Slack, Symphony Chat, Tabby, Termius, TIDAL, Twitch, Visual Studio Code, WebTorrent, Wire, and Yammer.
Empowering MSP Customers
ConnectSecure is committed to empowering our MSP customers to safeguard themselves and their end users against rising cyber threats. We back them up with the only multi-tenant, all-in-one vulnerability scanning & compliance management tool designed and priced specifically for MSPs and MSSPs. Count on us to deliver the full breadth of proactive cybersecurity, including, for instance:
- Attack Surface Scanning: We perform external Deep Attack Surface Scans to identify and address vulnerabilities in digital infrastructure and enhance overall security.
- Active Threat Management: We provide enhanced protection with EPSS (Exploit Prediction Scoring System) against evolving cyber threats through proactive monitoring, detection, and response measures.
- Patch Management: We diligently test and push out patches for all affected applications, ensuring swift remediation. (A surprising number of high-profile breaches are the result of unpatched applications. Read more: MOVEit, LastPass and Other Breaches Prove Need for Proactive Security)
- Real-Time Updates: We promptly share updates and advisories to keep our customers informed of evolving threats.
Stay Ahead with ConnectSecure
Through the ConnectSecure cybersecurity platform, we are working tirelessly to mitigate the risks associated with this critical vulnerability. We urge all MSPs to remain vigilant, stay informed, and adopt proactive measures to stay ahead of potential threats.