ConnectSecure now scans for and identifies CVE-2023-4863, a critical heap buffer overflow in the libwebp library with potentially severe implications for many applications, browsers, and operating systems. Disclosed two weeks ago, the vulnerability is being compared to Log4j; in other words, it is far more serious and widespread than originally thought. (More details below.)
“We are working diligently to help MSPs identify and patch applications associated with this critical zero-day vulnerability,” says Peter Bellini, CEO of ConnectSecure. “The team put in a quick solution and we’re actively expanding our scanning for more impacted software.”
Two weeks ago, Google issued a security advisory for a critical vulnerability in the libwebp library, which is used to encode and decode WebP images. Initially disclosed as affecting only Chrome, the advisory proved too narrow. As other major browsers began issuing notices, it became clear that the impact was far-reaching: any software that decodes WebP images with libwebp is affected, which puts millions of applications at risk.
Cybersecurity experts noted that the vulnerable library was present in the latest versions of several popular container images, collectively downloaded and deployed billions of times, including Nginx, Python, Joomla, WordPress, Node.js, and others.
This heap buffer overflow, tracked as CVE-2023-4863, lets an attacker execute malicious code when a user views a booby-trapped WebP image. The flaw sits in libwebp’s decoder for the lossless (VP8L) format, where a crafted image causes the Huffman-table construction to write past the end of a heap allocation. To reflect the critical nature of the bug in the library itself, Google also assigned it a second identifier, CVE-2023-5129, with the highest CVSS severity rating of 10 out of 10. (Side note: CVE-2023-5129 has since been rejected by its CVE Numbering Authority as a duplicate of CVE-2023-4863.)
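Two checks a practitioner can run while waiting for vendor patches, written here as an added example (not ConnectSecure’s scanner and not libwebp’s own code): the first walks the RIFF/WEBP chunk structure of an image and reports whether it would reach the lossless (VP8L) decoder, which is the code path that contains the vulnerable Huffman-table code, so lossy-only images can be deprioritized during triage; the second queries a loaded libwebp for its decoder version through the public `WebPGetDecoderVersion()` API and compares it with 1.3.2, the first fixed release. The sample images are constructed byte strings with valid container headers only, not real pictures. Presence of lossless data says an image exercises the affected decoder, not that it is malicious; the only real fix is an updated libwebp.

```python
"""Triage helpers for CVE-2023-4863 (libwebp heap overflow in the VP8L decoder).

Added example; not code from ConnectSecure or from the libwebp project.
"""
import ctypes
import ctypes.util
import struct

FIXED_VERSION = (1, 3, 2)  # libwebp 1.3.2 is the first release with the fix


def parse_webp(data: bytes) -> dict:
    """Return the chunk list and whether decoding would enter the lossless path.

    Raises ValueError on a malformed container; a triage tool should treat
    input it cannot parse as suspicious rather than as safe.
    """
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WEBP":
        raise ValueError("not a RIFF/WEBP container")
    riff_size = struct.unpack_from("<I", data, 4)[0]
    if riff_size + 8 > len(data):
        raise ValueError("RIFF size exceeds file length")
    chunks, lossless = [], False
    pos, end = 12, 8 + riff_size
    while pos + 8 <= end:
        fourcc = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        payload = data[pos + 8:pos + 8 + size]
        if len(payload) != size:
            raise ValueError(f"truncated chunk {fourcc!r}")
        chunks.append(fourcc.decode("ascii", "replace"))
        if fourcc == b"VP8L":
            # Lossless bitstream header: 0x2f signature, then 14-bit width-1,
            # 14-bit height-1, 1 alpha bit and 3 version bits.
            if not payload or payload[0] != 0x2F:
                raise ValueError("VP8L chunk without 0x2f signature")
            lossless = True
        elif fourcc == b"ALPH":
            # Alpha chunk: the low 2 bits of the first byte are the compression
            # method; 1 means the alpha plane is WebP-lossless compressed and is
            # handed to the same VP8L decoder.
            if payload and (payload[0] & 0x03) == 1:
                lossless = True
        pos += 8 + size + (size & 1)  # chunk payloads are padded to even length
    return {"chunks": chunks, "uses_lossless_decoder": lossless}


def decode_packed_version(packed: int) -> tuple:
    """WebPGetDecoderVersion() packs major/minor/revision as 0xMMmmrr."""
    return ((packed >> 16) & 0xFF, (packed >> 8) & 0xFF, packed & 0xFF)


def is_fixed_version(version: tuple) -> bool:
    """True when the (major, minor, revision) tuple is 1.3.2 or later."""
    return tuple(version) >= FIXED_VERSION


def libwebp_version():
    """Version of the system libwebp, or None if no shared library is found.

    Electron and browser bundles carry their own static copy of libwebp, so
    this only tells you about the shared library on the host.
    """
    name = ctypes.util.find_library("webp")
    if name is None:
        return None
    lib = ctypes.CDLL(name)
    lib.WebPGetDecoderVersion.restype = ctypes.c_int
    return decode_packed_version(lib.WebPGetDecoderVersion())


# --- constructed sample containers (valid headers, not real image data) ---
def _chunk(fourcc: bytes, payload: bytes) -> bytes:
    pad = b"\x00" if len(payload) & 1 else b""
    return fourcc + struct.pack("<I", len(payload)) + payload + pad


def _webp(*chunks: bytes) -> bytes:
    body = b"WEBP" + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(body)) + body


SAMPLE_LOSSY = _webp(_chunk(b"VP8 ", b"\x00" * 10))
SAMPLE_LOSSLESS = _webp(_chunk(b"VP8L", b"\x2f\x00\x00\x00\x00" + b"\x00" * 3))
SAMPLE_EXTENDED_ALPHA = _webp(
    _chunk(b"VP8X", b"\x10" + b"\x00" * 9),       # flags: alpha present
    _chunk(b"ALPH", b"\x01" + b"\x00" * 4),       # method 1 = lossless alpha
    _chunk(b"VP8 ", b"\x00" * 10),
)

if __name__ == "__main__":
    for label, sample in [("lossy", SAMPLE_LOSSY), ("lossless", SAMPLE_LOSSLESS),
                          ("vp8x+alpha", SAMPLE_EXTENDED_ALPHA)]:
        print(label, parse_webp(sample))
    ver = libwebp_version()
    if ver is None:
        print("no shared libwebp found on this host")
    else:
        print("libwebp", ".".join(map(str, ver)),
              "fixed" if is_fixed_version(ver) else "NOT fixed (update to 1.3.2+)")
```

Run it against a directory of attachments to find which files actually hit the lossless decoder, and on a container image to see whether the shared libwebp is at least 1.3.2; for Electron applications and browsers, which link libwebp statically, the version check has to be done against the vendor’s release notes instead.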
The vulnerability was reported to Google by Apple’s Security Engineering and Architecture (SEAR) team and the Citizen Lab at the University of Toronto’s Munk School. The Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities catalog, citing active exploitation by undisclosed threat actors, which underlines the immediate risk it poses.
Notably, critics say that miscommunication between Google and Apple during the early stages of the response gave threat actors more time and created a “huge blindspot” for zero-day hunters: each company initially scoped the vulnerability to its own product, even though both products use the libwebp library.
Additionally, researchers connected this vulnerability to CVE-2023-41064, a buffer overflow in Apple’s ImageIO framework that had already been exploited as part of the BLASTPASS exploit chain. That chain was used to deploy NSO Group’s Pegasus spyware on targeted iOS devices, further raising the significance and potential consequences of the libwebp vulnerability.
In response, ConnectSecure immediately mobilized resources to identify and patch applications associated with this vulnerability. Our team is testing and deploying patches for a wide range of applications and platforms.
Specifically, patches are tested for:
We are also scanning for the vulnerable library across a diverse range of applications, including CrashPlan, Cryptocat (discontinued), Discord, Eclipse Theia, FreeTube, GitHub Desktop, GitKraken, Joplin, Keybase, Lbry, Light Table, Logitech Options+, LosslessCut, Mattermost, Microsoft Teams, MongoDB Compass, Mullvad, Notion, Obsidian, QQ (for macOS), Quasar Framework, Shift, Signal, Skype, Slack, Symphony Chat, Tabby, Termius, TIDAL, Twitch, Visual Studio Code, WebTorrent, Wire, and Yammer. These are Electron-based desktop applications: each bundles its own copy of Chromium, and therefore its own copy of libwebp, so updating the operating system’s libwebp does not fix them; each vendor must ship a rebuilt application.
Empowering MSP Customers
ConnectSecure is committed to empowering our MSP customers to safeguard themselves and their end users against rising cyber threats. We back them up with the only multi-tenant, all-in-one vulnerability scanning & compliance management tool designed and priced specifically for MSPs and MSSPs. Count on us to deliver the full breadth of proactive cybersecurity, including, for instance:
Through the ConnectSecure cybersecurity platform, we are working tirelessly to mitigate the risks associated with this critical vulnerability. We urge all MSPs to remain vigilant, stay informed, and adopt proactive measures to stay ahead of potential threats.
Want to learn more about what ConnectSecure can do for your MSP? Sign up for a group demo or see the impact of ConnectSecure for yourself with a 14-day free trial.