#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

WebP | Breaking Cybersecurity News | The Hacker News

Category — WebP
Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score

Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score

Sep 27, 2023 Zero Day / Vulnerability
Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the  WebP format  that has come under active exploitation in the wild. Tracked as  CVE-2023-5129 , the issue has been given the maximum severity score of 10.0 on the CVSS rating system. It has been described as an issue rooted in the  Huffman coding algorithm  - With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap. The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use. The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized ar
Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable

Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable

Sep 22, 2023 Zero Day / Vulnerability
Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16. The list of security vulnerabilities is as follows - CVE-2023-41991  - A certificate validation issue in the Security framework that could allow a malicious app to bypass signature validation. CVE-2023-41992  - A security flaw in Kernel that could allow a local attacker to elevate their privileges. CVE-2023-41993  - A WebKit flaw that could result in arbitrary code execution when processing specially crafted web content. Apple did not provide additional specifics barring an acknowledgement that the "issue may have been actively exploited against versions of iOS before iOS 16.7." The updates are available for the following devices and operating systems - iOS 16.7 and iPadOS 16.7  - iPhone 8 and later, iPad Pro (all models), iP
Enterprise Identity Threat Report 2024: Unveiling Hidden Threats to Corporate Identities

Enterprise Identity Threat Report 2024: Unveiling Hidden Threats to Corporate Identities

Oct 31, 2024Identity Security / Browser Security
In the modern, browser-centric workplace, the corporate identity acts as the frontline defense for organizations. Often referred to as "the new perimeter", the identity stands between safe data management and potential breaches. However, a new report reveals how enterprises are often unaware of how their identities are being used across various platforms. This leaves them vulnerable to data breaches, account takeovers, and credential theft. The "Enterprise Identity Threat Report 2024" ( download here ) is based on exclusive data available only to the LayerX Browser Security platform. This data derives from LayerX's unique visibility into every user action in the browser, across industries. It provides a detailed analysis of emerging risks and uncovered hidden threats. To register to a live webinar to cover the key findings in this report, Click here . Below is a deeper dive into some of the report's most critical findings: 1. The Greatest Risk Comes from 2% of Users Security profe
Expert Insights / Articles Videos
Cybersecurity Resources