Libwebp 0 Day Vulnerability CVE-2023-4863

Resolved
Resolved

We have resolved the issue. Thank you for your patience.

Avatar for
Identified

A new 0 day vulnerability related to a program library utilized in many common applications has been disclosed. This vulnerability allows attackers to craft a malicious WebP image, and when opened, allows for arbitrary remote code execution. Initial reports of impact were limited to Google Chrome but have since been expanded and reclassified to many other applications. Omega Systems has approved critical updates for immediate release outside of normal patching schedules to address this issue in supported third party pathing applications - Google Chrome, Mozilla Firefox, Opera, and Microsoft Edge, BitWarden, and Skype. This will not require a reboot to apply. If you subscribe to our third party patching service you will receive the updates if your machines are online. If they are offline, the update will occur the next time they are powered on.

If you do not have third party patching, we recommend manually updating your applications as soon as possible. Please contact your Technical Account Manager for additional information on our third party patch automation services.

Additional details can be found in the links below: https://nvd.nist.gov/vuln/detail/CVE-2023-4863

Thank you,

OMEGA SYSTEMS Office 610.678.7002 | Service Desk 484.772.1110

Omega Systems is dedicated to providing excellent customer service experiences. If you are receiving this email, you are a valued client and recipient of our services.

If someone within your organization is not receiving these important emails and should be added to the contact list, please contact your Technical Account Manager to have them added.

Avatar for
Began at:

Affected components
  • Support Services
    • Smart Support