A fresh zero-day vulnerability has been identified, affecting certain third-party applications. This vulnerability may be linked to Apple’s recent releases, including macOS Big Sur 11.7.10, macOS Monterey 12.6.9, iPadOS 15.7.9 iOS 15.7.9, and iOS 17.0.1 and iPadOS 17.0.1.

For more details, check out CVE-2023-4863 and  CVE-2023-5129, which have been posted by NIST, with a reference to Google Chrome.

However, various security blogs like CyberKendra, Isosceles, and The Citizen Lab suggest that this vulnerability might extend to other third-party applications that use the WebP image library.

What Actions Should You Take?

1.      Please take the time to review all third-party software under your management for security bulletins and update them to the latest versions. If you’re using Addigy to manage your devices, you can distribute the latest third-party software through our Smart Software, Public Software, or Apps & Books.

2.      Additionally, you can roll out the most recent versions of macOS, iOS, and iPadOS via System Updates using MDM.

As of now, we’re only aware of Google Chrome and Apple releasing updates. We’ll keep you posted on updates to Addigy Public software via the relevant knowledge base article.

Is the Addigy Production Environment Affected by the WebP Image Library?

The Addigy Platform doesn’t use the WebP Image Library, so it’s not impacted by this vulnerability. Our Security and Operations teams are continually reviewing security best practices and trustworthy vulnerability reports to ensure the security of your data and managed devices.

If you require further information or assistance, feel free to reach out to the Addigy Support team.