Good Morning, story so far on the next log4j level #vulnerability #CVE20234863 #CVE20235129
#0day #Chrome #iOS

  • libwebp library is vulnerable to heap overflow and can lead to RCE.
  • Apple assigned #CVE202341064 and #CVE202341061. Also actively exploited by #blastpass
  • #Google assigned #CVE20235129 for Chrome 0day and also exploited
  • Millions of apps and software use this library. See list so far in 🧵
  • #CVE20235129 was rejected by NVD earlier due to all this confusion of several vendors assigning CVEs affecting their products
  • This will lead to vulnerability scanners not being able to correctly identify if your assets are affected by libwebp. #infosec #sectoot