https://blog.isosceles.com/the-webp-0day
tldr: libwebp has been patched and will eventually make its way to everyone. This is not an easy exploit and unless you're at the level of a nation state target, don't worry about it.
A mobile client for Lemmy running on iOS and Android
https://blog.isosceles.com/the-webp-0day
tldr: libwebp has been patched and will eventually make its way to everyone. This is not an easy exploit and unless you're at the level of a nation state target, don't worry about it.
I must disagree. The information is public and there are many sources that describe how to construct such a file that can trigger the heap buffer overflow. You don't need to understand all the theory to cause the overflow.
I don't think it's that complicated. I'm sure it will be used as an N-day for a long time.
The key to effective exploitation is learning to understand deeply only those parts that require deep understanding.