From this thread:
https://infosec.exchange/@TomSellers/111126339492371432
I found that these apps installed on my Mac are still vulnerable to the WebP exploit:

Arduino IDE, Keybase, Slack, and AdGuard for Safari.

The first 3 I haven't launched in months, but... it certainly was A Choice that "AdGuard *FOR SAFARI*" contains an entire copy of "Chrome/100.0.4896.160" inside it.

Tom Sellers (@TomSellers@infosec.exchange)

Roughly 2 weeks ago Google patched a critical vulnerability, CVE-2023-4863, that was being exploited in the wild. The broad impact of the root cause of the vuln and the fact that it will have a long tail of unpatched software has been poorly communicated. You can read more in @dangoodin's [excellent article on Ars Technica](https://arstechnica.com/security/2023/09/incomplete-disclosures-by-apple-and-google-create-huge-blindspot-for-0-day-hunters/).

As pointed out in the article above, Electron is based on Chromium and is impacted. Electron is bundled in a ton of apps that people might overlook.

I threw together the following shell command to help macOS audit which versions of Electron apps are installed.

```
find /Applications -type f -name "*Electron Framework*" -exec \
  sh -c "echo \"{}\" && strings \"{}\" | grep '^Chrome/[0-9.]* Electron/[0-9]' | head -n1 && echo " \;
```

When run, you should see something similar to the following:

```
/Applications/Visual Studio Code.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework
Chrome/114.0.5735.289 Electron/25.8.1

/Applications/Slack.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework
Chrome/116.0.5845.188 Electron/26.2.1
```

#Security #Electron #CVE20234863 #CVE-2023-4863

So what ad blocker should I be using with Safari instead of AdGuard? Is Adblock Plus the only other game in town? They seem to be beg-ware now who have been co-opted into claiming that there is such a thing as an "acceptable ad".
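An added example, not Tom Sellers's command or the post author's code: a POSIX shell variant of the audit quoted above that hands each path to the inner shell as an argument, reads the version banner with `grep -a -o` in place of `strings`, and flags bundles older than a caller-supplied minimum per Electron release line. The function names, the `MAJOR=MIN` table format and the script file name are assumptions for illustration; the page does not say which releases are patched, so none are hard-coded.

```shell
#!/bin/sh
# Added example (not from the thread). Minimum versions are caller-supplied
# assumptions taken from whatever advisory you trust; none are hard-coded.

# ver_lt A B: true when numeric dotted version A is strictly older than B.
ver_lt() {
  [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" |
    sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$1" ]
}

# electron_inventory ROOT: one "electron<TAB>chrome<TAB>path" row per bundle.
# Each path reaches the inner shell as an argument, never as script text,
# so quotes or $ in an app name cannot alter the command.
electron_inventory() {
  find "$1" -type f -name '*Electron Framework*' -exec sh -c '
    for bin do
      banner=$(LC_ALL=C grep -a -o \
        "Chrome/[0-9.]* Electron/[0-9][0-9A-Za-z.-]*" "$bin" | head -n1)
      [ -n "$banner" ] || continue
      chrome=${banner%% *}
      printf "%s\t%s\t%s\n" "${banner##*Electron/}" "${chrome#Chrome/}" "$bin"
    done' sh {} + 2>/dev/null
}

# flag_outdated "MAJOR=MIN ...": filter inventory rows on stdin.
# OUTDATED = older than the minimum for its release line;
# UNLISTED = release line absent from the table (review by hand).
flag_outdated() {
  tab=$(printf '\t')
  while IFS="$tab" read -r electron chrome path; do
    min=
    for pair in $1; do
      if [ "${pair%%=*}" = "${electron%%.*}" ]; then min=${pair#*=}; fi
    done
    if [ -z "$min" ]; then
      printf 'UNLISTED\t%s\t%s\n' "$electron" "$path"
    elif ver_lt "$electron" "$min"; then
      printf 'OUTDATED\t%s\t%s\n' "$electron" "$path"
    fi
  done
}

# Usage (hypothetical file name): sh electron-audit.sh /Applications "MAJOR=MIN ..."
if [ "$#" -ge 2 ]; then electron_inventory "$1" | flag_outdated "$2"; fi
```

An `UNLISTED` row covers the long-tail case from the post: a bundle on a release line the table does not mention at all.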
@jwz I use https://1blocker.com and it seems pretty OK.

@siracusa @jwz here’s my vote for 1Blocker as well. Works on mobile and Mac.
@sfoskett @siracusa @jwz I like Wipr, personally. It lacks all the customization of 1Blocker but it’s been mostly set it and forget it.