GamingChairModel , 9 months ago

Summary:

Apple disclosed and patched an actively exploited vulnerability in its proprietary image processing library.

At the same time, Google disclosed and patched an actively exploited vulnerability in its own webp processing in Chrome.

The timing and similarity highly suggests this is a problem with how almost all software has implemented the webp standard in its image processing software. Because processing webp files is such a fundamental function of any different pieces of software, there’s a concern that this is one vulnerability common to a huge set of commonly used software.

I wonder if this vulnerability is especially serious, given that the programs processing images often have escalated privileges.