WelcomeUser Guide
ToSPrivacyCanary
DonateBugsLicense

©2025 Poal.co

526

Source: https://archive.md/C88Al

Do not open external links that end with .webp

The attack vector can also be spread through a .webp file renamed as .jpg

If you are using FireFox (or a clone) you can disable webp support:

  • about:config >> image.http.accept, delete "image/webp"
  • about:config >> network.http.accept.default, delete "image/webp"
  • about:config >> set image.webp.enabled to FALSE

You can also use:

Update: webp uploading/linking/viewing are now disabled (and on pic8 as well).

Source: https://archive.md/C88Al ## Do not open external links that end with .webp The attack vector can also be spread through a .webp file renamed as .jpg If you are using FireFox (or a clone) you can disable webp support: * about:config >> image.http.accept, delete "image/webp" * about:config >> network.http.accept.default, delete "image/webp" * about:config >> set image.webp.enabled to FALSE You can also use: * https://addons.mozilla.org/en-US/firefox/addon/dont-accept-webp/ ## Update: webp uploading/linking/viewing are now disabled (and on pic8 as well).

(post is archived)

You are currently inside a comment thread.
Click here to see all the comments (39).
[–] 2 pts

Which one?

[–] 0 pt

Apple pushed two security updates to me. First to Safari, then to the System.

[–] 2 pts

Check out if they are related to ImageIO.

[–] 1 pt

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A buffer overflow was addressed with improved bounds checking.

I guess it did. Checked Mojave, Catalina, Big Sur, and iPad. They're all patched.