Security Alert: (0Day) Apple macOS ImageIO WEBP File Parsing Out-Of-Bounds Vulnerability Discovered

Welcome • User Guide
ToS • Privacy • Canary
Donate • Bugs • License

©2025 Poal.co

1.4K

• (edited )

Update Security Alert: (0Day) Apple macOS ImageIO WEBP File Parsing Out-Of-Bounds Vulnerability Discovered (vulners.com)

Source: https://archive.md/C88Al

Do not open external links that end with .webp

The attack vector can also be spread through a .webp file renamed as .jpg

If you are using FireFox (or a clone) you can disable webp support:

about:config >> image.http.accept, delete "image/webp"
about:config >> network.http.accept.default, delete "image/webp"
about:config >> set image.webp.enabled to FALSE

You can also use:

https://addons.mozilla.org/en-US/firefox/addon/dont-accept-webp/

Update: webp uploading/linking/viewing are now disabled (and on pic8 as well).

Source: https://archive.md/C88Al ## Do not open external links that end with .webp The attack vector can also be spread through a .webp file renamed as .jpg If you are using FireFox (or a clone) you can disable webp support: * about:config >> image.http.accept, delete "image/webp" * about:config >> network.http.accept.default, delete "image/webp" * about:config >> set image.webp.enabled to FALSE You can also use: * https://addons.mozilla.org/en-US/firefox/addon/dont-accept-webp/ ## Update: webp uploading/linking/viewing are now disabled (and on pic8 as well).

(post is archived)

You are currently inside a comment thread.

Click here to see all the comments (39).

[–] [deleted] • 2 pts

The alert says it only affects Apple. But, just to be cautious, does anyone have suggestions on best way to check a Linux install for possible malware? I know the ultimate solution to that is a fresh install, but I have this one highly customized and really don't want to start over if I don't have to.

link