Critical Zero-Day Vulnerability: Libwebp
Table of Contents
What Is the CVE-2023-5129 Vulnerability?
CVE-2023-5129 represents a critical vulnerability that impacts a wide array of applications capable of rendering internet-sourced images. This vulnerability opens the door for malicious actors to execute arbitrary code on a user's computer from a remote location. All it takes for hackers to exploit this vulnerability is to lure users into viewing a particular web page. CVE-2023-5129 has been assigned the highest severity score of 10.0 on the Common Vulnerability Scoring System (CVSS) rating scale.
What Applications Are Vulnerable?
The vulnerability is in the libwebp package which is used by hundreds of applications. Including Google Chrome, Mozilla Firefox, Microsoft Edge, Slack, and Microsoft Teams.
How Can Hackers Leverage This Vulnerability?
This zero-day vulnerability can be weaponized through the mere act of viewing a malicious image hosted on a website. Once the image loads within the web page, it grants an external entity control over your computer. By exploiting this vulnerability, an attacker gains the capacity to engage in various malicious activities, including data theft, system disruption, and maintaining persistence within the compromised system.
Furthermore, the hacker may employ ransomware to encrypt a user's files, or they could connect to a remote command and control server, thereby establishing a covert channel for further exploitation.
Recommendations for Everyone
- Immediately patch ALL web browsers running on your systems. Affected browsers include: Google Chrome, Mozilla Firefox, Microsoft Edge, etc.
- Immediately patch ALL communication apps running on your systems. Affected apps include Microsoft Teams, Slack, etc.
Recommendations for ThreatLocker Customers
- Ensure that PowerShell is secured with Ringfencing™ against internet access.
- Ensure that ALL web browsers are using Ringfencing™ to prevent from calling out to PowerShell.
- Make sure ALL communication applications are using Ringfencing™ to prevent from calling out to PowerShell.