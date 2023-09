By

Google yatulutsa zosintha zachitetezo kunja kwa gulu kuti zikhazikitse chiwopsezo mu msakatuli wake wa Chrome. Cholakwika, chomwe chimadziwika kuti CVE-2023-4863, chimaphatikizapo kusefukira kwa mulu komwe kumakhudza mawonekedwe azithunzi za WebP. Chiwopsezo ichi chikhoza kubweretsa kuphedwa kapena kuwonongeka kwa ma code.

Kupezeka kwa chiwopsezochi kudanenedwa ndi Apple Security Engineering and Architecture (SEAR) ndi The Citizen Lab ku University of Toronto's Munk School. Tsatanetsatane wazomwe zachitikazi sizinafotokozedwe, koma Google idavomereza kuti kugwiriridwa kwa CVE-2023-4863 kwawonedwa kuthengo.

Chigamulo chaposachedwa ndi gawo la zoyesayesa za Google zothana ndi zovuta zamasiku aulere mu Chrome. Kuyambira kuchiyambi kwa chaka, kampaniyo yakonza kale zovuta zinayi zotere.

Kuphatikiza pa chigamba cha Google, Apple yakulitsanso zosintha zake kuti zithetse CVE-2023-41064, chiwopsezo china chokhudzana ndi kukonza zithunzi. Chiwopsezo ichi ndi vuto losefukira mu gawo la Image I/O, zomwe zitha kupangitsa kuti ma code asungidwe mosasamala. Idagwiritsidwa ntchito molumikizana ndi CVE-2023-41061 pa zero-click iMessage exploit chain yotchedwa BLASTPASS kuyika mapulogalamu aukazitape a Pegasus pa ma iPhones okhala ndi zigamba zonse omwe akuyendetsa iOS 16.6.

Kufanana kwapakati pa CVE-2023-41064 ndi CVE-2023-4863, zonse zokhudzana ndi kukonza zithunzi komanso zomwe Apple ndi The Citizen Lab, zikuwonetsa, zikuwonetsa kulumikizana komwe kungachitike pakati pa ziwopsezo ziwirizi.

Pofuna kuteteza ku zoopsa zomwe zingakhalepo, ogwiritsa ntchito akulangizidwa kuti asinthe msakatuli wawo wa Chrome kuti ukhale 116.0.5845.187/.188 wa Windows ndi 116.0.5845.187 wa macOS ndi Linux. Ogwiritsa ntchito asakatuli ozikidwa pa Chromium, monga Microsoft Edge, Brave, Opera, ndi Vivaldi, ayeneranso kuyika zigamba zikangopezeka.

Sources:

– [Dzina Lochokera patsamba 1]

– [Dzina Lochokera patsamba 2]