<https://arstechnica.com/security/2023/09/incomplete-disclosures-by-apple-and-google-create-huge-blindspot-for-0-day-hunters/>
A bug was found (painfully -- a zero day) in Apple's Safari and (separately) in Google's Chrome. This is a pretty serious bug -- it was used to spy on an opposition politician in Egypt. It is the same bug, and this was not reported. It turns out that the bug is in libwebp. "WebP codec is a library to encode and decode images in WebP format." libwebp is used in a lot of programs. On my Fedora 38 system, it is a shared library so it can be fixed in one update. Except where the library is copied (for example, statically linked, or used in a container of some sort). Electron is one thing that requires copies and the article lists a lot of applications built on Electron What a mess. What a mistake. --- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
