Last week, Citizen Lab reported on a vulnerability that allowed attackers to exploit iPhones through iMessage without the user having to click on anything. Apple has now discovered that the underlying flaw is a heap overflow in libwebp, which affects other browsers as well. Chrome has already released a patch for this vulnerability in version 116.0.5845.187. The same patch has been sent to Firefox and is expected to be released as version 117.0.1 soon.
The exploit actually used against iPhones combines multiple vulnerabilities, and it is unclear how severe the libwebp vulnerability is on its own. Now that the patches have been widely distributed, we can expect detailed vulnerability analysis reports to emerge.
TLDR: A recent report by Citizen Lab revealed a vulnerability that allowed attackers to exploit iPhones through iMessage. Apple has identified the vulnerability as a heap overflow in libwebp; Chrome has released a patch, and the same patch has been sent to Firefox. The severity of the libwebp vulnerability on its own and its impact on other browsers remain to be fully analyzed.