On Tuesday, Mozilla released urgent security updates addressing a critical zero-day vulnerability affecting both Firefox and Thunderbird, identified as CVE-2023-4863. This flaw has been actively exploited in the wild, prompting the need for immediate remediation. The vulnerability pertains to a heap buffer overflow in the WebP image format, which could allow for arbitrary code execution upon rendering specifically crafted images.
According to Mozilla’s advisory, the exploitation of this vulnerability could result in severe consequences. “Opening a malicious WebP image could lead to a heap buffer overflow in the content process,” the advisory stated, further emphasizing that the company is aware of these exploits impacting other products in the ecosystem. The National Vulnerability Database (NVD) elaborates that this flaw can enable remote attackers to perform out-of-bounds memory writes through specially designed HTML pages.
The reporting of this security issue has been attributed to Apple Security Engineering and Architecture (SEAR) and the Citizen Lab at the University of Toronto’s Munk School. Mozilla has addressed the vulnerability in several versions including Firefox 117.0.1, Firefox ESR 115.2.1, and Thunderbird 115.2.2, among others.
This incident arrives just a day after Google released its own patch for a similar flaw within its Chrome browser. Google acknowledged the existence of an exploit for CVE-2023-4863 in the wild, underscoring the urgency for affected users to implement the updates.
In the preceding week, Apple also rolled out fixes for two vulnerabilities that have been actively exploited as part of a zero-click iMessage exploit chain named BLASTPASS, which has been linked to deploying the Pegasus spyware on up-to-date iPhones running iOS 16.6. While the precise details regarding the exploitation of these vulnerabilities remain scarce, it is widely suspected that they are being used to target high-risk individuals such as activists, journalists, and political dissidents.
In terms of potential tactics employed by adversaries in these attacks, the MITRE ATT&CK framework offers valuable insights. Techniques such as initial access and exploitation of remote services are likely applicable here, as attackers exploit known vulnerabilities to gain unauthorized access. Persistence may also play a role, particularly in scenarios where attackers aim to maintain their foothold in systems even after initial exploitations have been addressed.
As organizations continue to prioritize cybersecurity, the necessity for timely updates and threat awareness cannot be overstated. Business owners are encouraged to remain vigilant and proactive in securing their environments against emerging threats, particularly in light of this recent vulnerability disclosure.