Security Alert: (0Day) Apple macOS ImageIO WEBP File Parsing Out-Of-Bounds Vulnerability Discovered

Welcome • User Guide
ToS • Privacy • Canary
Donate • Bugs • License

©2025 Poal.co

1.5K

• (edited )

Update Security Alert: (0Day) Apple macOS ImageIO WEBP File Parsing Out-Of-Bounds Vulnerability Discovered (vulners.com)

Source: https://archive.md/C88Al

Do not open external links that end with .webp

The attack vector can also be spread through a .webp file renamed as .jpg

If you are using FireFox (or a clone) you can disable webp support:

about:config >> image.http.accept, delete "image/webp"
about:config >> network.http.accept.default, delete "image/webp"
about:config >> set image.webp.enabled to FALSE

You can also use:

https://addons.mozilla.org/en-US/firefox/addon/dont-accept-webp/

Update: webp uploading/linking/viewing are now disabled (and on pic8 as well).

Source: https://archive.md/C88Al ## Do not open external links that end with .webp The attack vector can also be spread through a .webp file renamed as .jpg If you are using FireFox (or a clone) you can disable webp support: * about:config >> image.http.accept, delete "image/webp" * about:config >> network.http.accept.default, delete "image/webp" * about:config >> set image.webp.enabled to FALSE You can also use: * https://addons.mozilla.org/en-US/firefox/addon/dont-accept-webp/ ## Update: webp uploading/linking/viewing are now disabled (and on pic8 as well).

(post is archived)

You are currently inside a comment thread.

Click here to see all the comments (39).

[–] • 2 pts

Webp is only supported starting at a specific Big Sur and iOS version. So it doesn’t make sense to fix something that isn’t even supported by the OS.

crApple intentionally postponed its support in macOS not because webp is a Joogle Trojan horse, but to slow down it’s adoption.

parent
link