Microsoft Teams, which most of you have installed on your machines these days, has a major vulnerability. Make sure you get that updated as soon as possible!
So here we go again? After libwebp, libvpx is next in line with CVE-2023-5217: another exploited-in-the-wild buffer overflow in a media encoding library used in Chrome et al.
"#ChromeSecurityUpdate: Google Thwarts Spyware Vendor Exploiting New Zero-Day"
Google has promptly patched a fresh security flaw in Chrome, exploited by a commercial spyware vendor. The update, version 117.0.5938.132, rolled out for Windows, macOS, and Linux, addressing ten vulnerabilities. The most critical among them is CVE-2023-5217, a "heap buffer overflow in vp8 encoding in libvpx," reported by Clement Lecigne from Google's Threat Analysis Group. This flaw was already weaponized in real-world attacks, marking the sixth Chrome zero-day patched in 2023.
The exploit was leveraged by a commercial surveillance vendor, reminiscent of a recent operation delivering Predator spyware to an Egyptian opposition politician using various zero-days and MitM attacks on mobile devices.
Source: SecurityWeek
Tags: #CyberSecurity #GoogleChrome #ZeroDay #CVE20235217 #Spyware #CyberAttack #PatchTuesday #InfoSec #VulnerabilityManagement #MitM #RealWorldExploits
Firefox 118.0.1 now appears to be live in #archlinux extra repository, addressing CVE-2023-5217: Heap buffer overflow in libvpx
#Firefox on both #Flatpak and #Snap is already updated to 118.0.1 addressing CVE-2023-5217: Heap buffer overflow in libvpx
Make sure you are running 118.0.1 or update ASAP.
Tracking of traditional distro packages will continue throughout this thread as they arrive in various repositories (both Firefox and libvpx, along with Chromium builds not linked dynamically to the system lib - e.g. #linuxmint)
Mozilla released #Firefox 118.0.1 and ESR 115.3.1 to address CVE-2023-5217: Heap buffer overflow in libvpx
https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/
I suppose I'll follow the Linux distro packages again for this one so I guess follow this thread or whatever