Global business security is under threat from a new zero-day vulnerability, WebP 0day / CVE-2023-4863. Stay vigilant

Most of the business’s security worldwide is at risk today by New Zero-day vulnerability WebP 0day / CVE-2023-4863.

WebP 0day
Photo by Azamat Esenaliev from Pexels

A quick security alert as there’s another vicious zero-day vulnerability making the rounds that could have a massive impact on the IT and business world.

To describe how bad this is, an attacker can gain access to a system by simply a user visiting a web page.

The vulnerability is in the libwebp library, which is commonly used across a LOT of different tools and vendors. Google has given it the max severity score possible, and it could be worse than the log4j exploit many of you remember from ~18 months ago.

In my opinion, the offsite destination should be offline after the backup is complete. This ensures no compromise will reach it in case of a severe breach or human error incident that could delete metadata or backup data during replication.

Which vendors or are affected?

On one list of potentially affected vendors, there are a bunch of common tools used, and soon, there will be many more, including:

  • 1Password
  • Bitwarden
  • CrashPlan
  • Discord
  • Gimp
  • GitHub Desktop
  • Libre Office
  • Logitech Options+
  • Microsoft Teams
  • Notion
  • Shift
  • Signal
  • Slack
  • Skype
  • Telegram
  • Visual Studio Code
  • Yammer
  • And no doubt many more.

Most web browsers are also vulnerable and have already released patches, so if you or your users/employees see a notification to update their browser or any other software they are using, inform them as soon as possible. Check with your IT (External or Internal) if you are affected and how to mitigate the risks.

We are always here to help if you need more support.

Here are some related Links with news updates related to this:

https://nvd.nist.gov/vuln/detail/CVE-2023-4863

https://www.cyberkendra.com/2023/09/webp-0day-google-assign-new-cve-for.html?m=1

If the above sounds confusing, very technical, or just time consuming for you current capacity, we are here to help Contact us by Clicking Here. We are helping businesses to stabilizing and optimizing their environments. We also offer monitoring as a service if you just want us to keep an eye and alert you if something has indications of the will stop working soon. Here is an article related to monitoring

About Alexios Pappas – Alexios Pappas has worked internally in IT Departments in multi-role technical and management positions for many years. In parallel, Alexios led IT multinational projects across several countries globally as an IT Freelancer. He repeatedly got Top Rated Plus distinction and also 100% satisfaction rate for over one and a half-decade, resulting from the Client’s feedback. Since 2015 he has been focused on informing and helping Businesses that want to improve and excel in their IT Section.