Security Alert: (0Day) Apple macOS ImageIO WEBP File Parsing Out-Of-Bounds Vulnerability Discovered

Welcome • User Guide
ToS • Privacy • Canary
Donate • Bugs • License

©2025 Poal.co

691

• (edited )

Update Security Alert: (0Day) Apple macOS ImageIO WEBP File Parsing Out-Of-Bounds Vulnerability Discovered (vulners.com)

Source: https://archive.md/C88Al

Do not open external links that end with .webp

The attack vector can also be spread through a .webp file renamed as .jpg

If you are using FireFox (or a clone) you can disable webp support:

about:config >> image.http.accept, delete "image/webp"
about:config >> network.http.accept.default, delete "image/webp"
about:config >> set image.webp.enabled to FALSE

You can also use:

https://addons.mozilla.org/en-US/firefox/addon/dont-accept-webp/

Update: webp uploading/linking/viewing are now disabled (and on pic8 as well).

Source: https://archive.md/C88Al ## Do not open external links that end with .webp The attack vector can also be spread through a .webp file renamed as .jpg If you are using FireFox (or a clone) you can disable webp support: * about:config >> image.http.accept, delete "image/webp" * about:config >> network.http.accept.default, delete "image/webp" * about:config >> set image.webp.enabled to FALSE You can also use: * https://addons.mozilla.org/en-US/firefox/addon/dont-accept-webp/ ## Update: webp uploading/linking/viewing are now disabled (and on pic8 as well).

(post is archived)

You are currently inside a comment thread.

Click here to see all the comments (39).

[–] • 0 pt

Or if the vulnerability fix would be available on non big sur OS? Lots of people are still holding out updating to big Sur because still kind of new and not as stable yet...

parent
link

[–] • 2 pts

Previous macOS versions should be immune (OS/Safari) since there's no webp/webm support.

The vulnerability resides in the browsers that support it.

parent
link

[–] • 0 pt

Thank you for that info.

parent
link