Replying to Avatar Gossip Client

GOSSIP USERS: SECURITY ALERT

There is an UNPATCHED vulnerability in libwebp that allows a malicious image to infect your computer. This affects gossip, as well as countless other programs.

Normally we wouldn't announce an active vulnerability until it is patched and there is a solution, but this news is already widespread.

Please go to your settings and uncheck "Render all media inline automatically". Only click to view media from people you trust.

We are working towards a better understanding of this, and a fix.

Please coorespond with nostr:npub1acg6thl5psv62405rljzkj8spesceyfz2c32udakc2ak0dmvfeyse9p35c as this account is only used for announcements and is not watched.

Related security alerts:

https://nvd.nist.gov/vuln/detail/CVE-2023-4863

More info

https://www.tenable.com/blog/cve-2023-41064-cve-2023-4863-cve-2023-5129-faq-imageio-webp-zero-days

https://arstechnica.com/security/2023/09/incomplete-disclosures-by-apple-and-google-create-huge-blindspot-for-0-day-hunters/

Avatar
Dawn 2y ago

⚠️

nostr:nevent1qqsydh0dpturk7lxsrrkj8ptwnlmndczla9k9r97f7sqr2tdshuallspp4mhxue69uhkummn9ekx7mqzyqukgu3galwlytuy5l8rd5g3kduvuheazkuyqy68s40qfvjv3e8qgqcyqqqqqqgj4lvcj

Reply to this note

Please Login to reply.

Discussion

No replies yet.