WebP bug

Critical WebP bug is a systemic cybersecurity issue

This bug is embedded in many software and apps and exploited actively! What can you do about it?

Yesterday, it was revealed that a critical cybersecurity bug was found in all kinds of software, from web browsers and image editing software to password managers! Worse still, this bug is under active exploitation by hackers.

What happened?

We all know of the famous image file format called “JPEG”.

There is another much lesser-known image file format called “WebP”. Despite its relative obscurity to most people, it is widely used on the Internet. To display images in the WebP format, a lot of software uses the same re-usable code library called “libwebp“.

It turns out that there is a cybersecurity vulnerability in libwebp. Hackers can feed a deliberately malformed WebP file into a software/app that uses libwebp to display the image. This malformed WebP file is booby-trapped to inject the hacker’s code into the software/app via the defective libwebp code library. When that happens, the hacker can take over the software/app and commandeer it to do whatever he wants.

There are reports that this bug is under active exploitation by hackers! So you will want to patch all the affected software/apps as soon as possible.

Unfortunately, there are a huge number of software/app that uses libwebp. We know for sure that these software/apps are affected:

Subscribe to continue reading

Become a paid subscriber to get access to the rest of this post and other exclusive content.