Gossip Client on Nostr: GOSSIP USERS: SECURITY ALERT There is an UNPATCHED vulnerability in libwebp that ...
GOSSIP USERS: SECURITY ALERT
There is an UNPATCHED vulnerability in libwebp that allows a malicious image to infect your computer. This affects gossip, as well as countless other programs.
Normally we wouldn't announce an active vulnerability until it is patched and there is a solution, but this news is already widespread.
Please go to your settings and uncheck "Render all media inline automatically". Only click to view media from people you trust.
We are working towards a better understanding of this, and a fix.
Please coorespond with mikedilger (npub1acg…p35c) as this account is only used for announcements and is not watched.
Related security alerts:
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
More info
https://www.tenable.com/blog/cve-2023-41064-cve-2023-4863-cve-2023-5129-faq-imageio-webp-zero-days
https://arstechnica.com/security/2023/09/incomplete-disclosures-by-apple-and-google-create-huge-blindspot-for-0-day-hunters/
There is an UNPATCHED vulnerability in libwebp that allows a malicious image to infect your computer. This affects gossip, as well as countless other programs.
Normally we wouldn't announce an active vulnerability until it is patched and there is a solution, but this news is already widespread.
Please go to your settings and uncheck "Render all media inline automatically". Only click to view media from people you trust.
We are working towards a better understanding of this, and a fix.
Please coorespond with mikedilger (npub1acg…p35c) as this account is only used for announcements and is not watched.
Related security alerts:
https://nvd.nist.gov/vuln/detail/CVE-2023-4863
More info
https://www.tenable.com/blog/cve-2023-41064-cve-2023-4863-cve-2023-5129-faq-imageio-webp-zero-days
https://arstechnica.com/security/2023/09/incomplete-disclosures-by-apple-and-google-create-huge-blindspot-for-0-day-hunters/