Blasting Past WebP - An analysis of the NSO BLASTPASS iMessage exploit

https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html

#HackerNews #Blasting #Past #WebP #An #analysis #of #the #NSO #BLASTPASS #iMessage #exploit #hackernews #security #exploit #analysis #NSO

When Marnus casually picked up a 5-fer in the @VitalityBlast@twitter.com 🤯

Only ONE day to go for #Blast25 general sale! 🎟️

You can also get your season #BlastPass 🔗 https://bit.ly/3CABLo5

#OhGlammyGlammy

We agree, Doully. High-quality shot from a high-quality player. 👊

3️⃣ days to go for the #Blast25 General Sale 🎟️

You can also get your season #BlastPass 🔗 https://bit.ly/3CABLo5

#OhGlammyGlammy

What is your ALL-TIME Glamorgan @VitalityBlast@twitter.com XI?

Only 4️⃣ days to go before #Blast25 tickets are on General Sale 🎟️

You can also get your Glamorgan #BlastPass NOW 🔗 https://bit.ly/3CABLo5

#OhGlammyGlammy

𝙏𝙃𝘼𝙏 Kiran Carlson innings at @SophiaGardens@twitter.com in the @VitalityBlast@twitter.com 🔥

6️⃣ days to go for the #Blast25 General Sale 🎟️

You can also get your season #BlastPass 🔗 https://bit.ly/3CABLo5

#OhGlammyGlammy

Ugh! Shameful:

“India Targets Apple Over Its Phone Hacking Notifications”, The Washington Post (https://www.washingtonpost.com/world/2023/12/27/india-apple-iphone-hacking/).

On HN: https://news.ycombinator.com/item?id=38788496

#India #Media #Apple #iPhone #Security #FreeSpeech #Spyware #NSO #Pegasus #Blastpass #Adani #Corruption #WTF

Looking for some help, my company might not be able to fully patch CVE-2023-4863 aka BLASTPASS for a few days. Does anyone know a way of detecting exploitation of this through Splunk? Can you see it in web server logs? Next-gen firewall? WAF? I’m not seeing much info online about how to detect the exploitation.

#libwebp #cve20234863 #blastpass #splunk #siem

Good Morning, story so far on the next log4j level #vulnerability #CVE20234863 #CVE20235129
#0day #Chrome #iOS

• libwebp library is vulnerable to heap overflow and can lead to RCE.
• Apple assigned #CVE202341064 and #CVE202341061. Also actively exploited by #blastpass
• #Google assigned #CVE20235129 for Chrome 0day and also exploited
• Millions of apps and software use this library. See list sofar in 🧵
• #CVE20235129 was rejected by NVD earlier due to all this confusion of several vendors assigning CVEs affecting their products
• This will lead to vulnerability scanners not being able to correctly identify if your assets are affected with libwebp. #infosec #sectoot

📱 iPhone iMessage "Zeroclick" Exploits (ie: FORCEDENTRY / BLASTPASS)

&

⚠️ UK Online Safety Bill Passes

#Apple #News #infosec #cybersecurity #privacy #Pegasus #NSOgroup #spyware #malware #iPhone #iMessage #FORCEDENTRY #BLASTPASS #UK #onlinesafetybill #UnitedKingdom #FreeSpeech #FreeExpression #tech #Peertube

https://tube.tchncs.de/w/1RABHkdTMrR3b8uFHGGq6p

@ant0inet @marcel @citizenlab
I guess we will all remember the term #BLASTPASS ... like we do #log4j

#apple #security #alert #blastpass #zeroday #vulnerability https://www.darkreading.com/vulnerabilities-threats/apple-hit-by-two-no-click-zero-days-in-blastpass-exploit-chain

This Week in Security: Blastpass, MGM Heist, and Killer Themes https://hackaday.com/2023/09/15/this-week-in-security-blastpass-mgm-heist-and-killer-themes/ #HackadayColumns #SecurityHacks #ransomware #Blastpass #Honeypots #News

Critical New 1Password, Signal, Chrome, Edge, Firefox Emergency Security Updates

Are CVE-2023-4863, Blastpass, iOS, And Chrome Security Updates Connected?

09/14 update: Developer and blogger Alex Ivanovs has confirmed that, as well as web browsers, “any software that uses the libwebp library” is affected by this vulnerability, including Electron-based applications such as 1Password and Signal.

https://www.forbes.com/sites/daveywinder/2023/09/14/new-emergency-chrome-security-update-after-critical-ios-1661-release/ #blastpass #webp

#NSO-Exploit: Apple fixt auch ältere Versionen von macOS, iOS und iPadOS | Mac & i https://www.heise.de/news/NSO-Exploit-Apple-fixt-auch-aeltere-Versionen-von-macOS-iOS-und-iPadOS-9301842.html #blastpass #Patchday #NSOgroup

After Apple’s #BLASTPASS patches, come a bunch of others. Exploits are in the wild.

The bug is in #libwebp​—a Google #WebP image library built in to many apps. In today’s #SBBlogwatch, we prepare for carpal tunnel. At #TechstrongGroup’s #SecurityBlvd: https://securityboulevard.com/2023/09/patch-everything-widely-used-webp-code-has-critical-bug/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc

Security Alert: Please be sure to update your #Apple #iPhone!

Last week, while checking the device of an individual employed by a Washington DC-based civil society organization with international offices, #CitizenLab found an actively exploited zero-click vulnerability being used to deliver #NSO Group’s #Pegasus mercenary #spyware.
#BlastPass #ZeroDay #ZeroClic
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-i

#BlastPass : #Apple comble deux vulnérabilités en relation avec le #spyware #Pegasus !

https://blog.sosordi.net/2023/09/blastpass-apple-comble-deux-vulnerabilites-en-relation-avec-le-spyware-pegasus.html

#securite #data #vieprivee #NSOGroup #iMessage #iOS

HackRead: Update NOW! Pegasus Spyware Exploit Found in iPhones Running Latest iOS https://www.hackread.com/blastpass-pegasus-spyware-exploit-iphones-ios/ #Vulnerability #Surveillance #BLASTPASS #Security #security #Malware #Pegasus #Spyware #iPhone #0day #iOS

Apple fixes 0-Day Vulnerability in Older Operating Systems #blastpass #ios #macos https://i5c.us/d30210

NSO-Group-Angriff: Notfall-Updates für iPhone, iPad, Mac und Apple Watch | Mac & i https://www.heise.de/news/NSO-Group-Angriff-Notfall-Updates-fuer-iPhone-iPad-Mac-und-Apple-Watch-9298564.html #BLASTPASS #NSO #NSOgroup #Exploit #Patchday