While Intel has released updated microcode for all affected processors as part of its November 2023 updates, they note that there is no evidence of any active attacks using this vulnerability. This could also lead to information disclosure or privilege escalation. An exploit on one guest machine can cause the host machine to crash, resulting in a Denial of Service for other guest machines on the same host. The vulnerability is especially significant in multi-tenant virtualized environments. This flaw, affecting desktop, mobile, and server CPUs, could potentially lead to privilege escalation, information disclosure, and denial of service through local access. Intel has recently addressed a critical vulnerability in its CPUs, codenamed "Reptar" (CVE-2023-23583, CVSS score: 8.8). Important Update for Tech and Cybersecurity Communities: Intel CPU Vulnerability Alert Urgent Action Required: The recently updated critical assessment underscores the pressing need for swift patch application across these platforms to ensure the security of user data. Wider Implications: The reclassification highlights the potential risk for projects using libwebp, including 1Password, Safari, Signal, Firefox, Edge, Opera, and Android browsers. The Impact: Such exploits can lead to crashes, arbitrary code execution, and unauthorized access to sensitive data. Malicious HTML pages can be leveraged by malicious actors to carry out memory writes beyond the established boundaries. This pertains to a heap buffer overflow within WebP, affecting Chrome iterations preceding 1.187. Technical Details: CVE-2023-5129 has gained official recognition as a severe problem within #libwebp, bearing a top-level severity rating of 10/10. However upon further investigation, it has currently been ascribed a different CVE, this change having a great impact. A new CVE ID (CVE-2023-5129) is assigned to the libwebp flaw initially labeled as a Chrome weakness (CVE-2023-4863)īackground: The vulnerability was first jointly reported by Apple Security Engineering and Architecture (SEAR) and Citizen Lab at The University of Toronto's Munk School on September 6. Google reclassifies security #vulnerability with a new #severity rating of 10/10.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |