Published: 07/09/2023 Updated: 22/09/2023

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 0

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple ipados
apple iphone os
apple macos

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available Recent releases are listed on the Apple security releases page Apple security documents reference vulnerabilities by CVE-ID whe ...

longitudes de código para desencadenar esta vulnerabilidad

vulnerabilidad-LibWebP-CVE-2023-41064 longitudes de código para desencadenar esta vulnerabilidad CVE-2023-41064 Este es un script de Python que crea un archivo WebP (un formato de imagen) vacío con una estructura de encabezado específica El propósito de este script es generar un archivo WebP que puede ser utilizado para pruebas o propósitos e

This tool calculates tricky canonical huffman histogram for CVE-2023-4863.

Huffman table hacking tool This tool calculates tricky canonical huffman histogram, which is able to trigger OOB (Out Of Band) write for vulnerable libwebp library (ie libwebp <= 131) This vulnerability is known as CVE-2023-4863 or CVE-2023-41064 We can overflow the pre-allocated huffman table by at most 132 entries The rationale is that libwebp assumes the huffm

ELEGANTBOUNCER is a detection tool for file-based mobile exploits.

ELEGANTBOUNCER ELEGANTBOUNCER is a detection tool for file-based mobile exploits It employs an innovative approach for advanced file-based threat identification, eliminating the need for in-the-wild samples and outperforming traditional methods based on regular expressions or IOCs At present, it primarily targets the identification of mobile vulnerabilities such as FORCEDENTR

CVE-2023-4863/CVE-2023-41064 A POC for CVE-2023-4863 NOT an exploit Shout to @benhawkes who discovered the right set of code_lengths to trigger this vulnerability! Please consult Ben's blog post for more information! blogisoscelescom/the-webp-0day/

Apple fixes two new iOS zero-days exploited in attacks on iPhones

BleepingComputer • Lawrence Abrams • 05 Mar 2024

Apple fixes two new iOS zero-days exploited in attacks on iPhones By Lawrence Abrams March 5, 2024 04:34 PM 0 Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones. "Apple is aware of a report that this issue may have been exploited," the company said in an advisory issued on Tuesday. The two bugs were found in the iOS Kernel (CVE-2024-23225) and RTKit (CVE-2024-23296), both allowing attackers with arbitrary kernel r...

The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources No user interaction needed for this one as Pegasus turns up via iMessage

Apple devices are again under attack, with a zero-click, zero-day vulnerability used to deliver Pegasus spyware to iPhones discovered in the wild. Even running the latest version of iOS (16.6) is no defence against the exploit, which involves PassKit attachments containing malicious images. Once sent to the victim's iMessage account, the NSO Group's Pegasus spyware can be deployed without interaction. Researchers at Citizen Lab are referring to the exploit as BLASTPASS. The team said they immedi...

The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Exploit observed in the wild as Mountain View pushes out updates

Google has rushed out a fix for a vulnerability in its Chrome browser, noting that an exploit already exists in the wild. The search giant has followed Apple in hurriedly issuing an update in response to research from The Citizen Lab at The University of Toronto's Munk School. It also credited the Apple Security Engineering and Architecture (SEAR) team for the report. The critical vulnerability, CVE-2023-4863, is related to a heap buffer overflow in WebP. WebP, according to Google, "is a modern ...

The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Crooks know where the big bucks are

Zero-day exploits targeting enterprise-specific software and appliances are now outpacing zero-day bugs overall, according to Google's threat hunting teams. In a report published today, Google's Threat Analysis Group (TAG) and Mandiant said they tracked 97 total zero-day vulnerabilities found and exploited by miscreants in 2023, which is considerably more than the year prior, with 62 vulnerabilities. Enterprise-specific technology zero-days, however, increased by 64 percent in 2023 compared to 2...

CVE-2023-41064

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect