The Addigy Security and Operations team has identified a new zero-day vulnerability that affects some third-party applications and is rumored to be related to Apple's latest releases of macOS Big Sur 11.7.10, macOS Monterey 12.6.9, iOS 15.7.9 and iPadOS 15.7.9, and iOS 17.0.1 and iPadOS 17.0.1. At this time, CVE-2023-4863 and CVE-2023-5129 have been posted, with Google Chrome referenced. However, certain security blogs (CyberKendra, Citizen Lab, and Isosceles) are reporting that this vulnerability can extend to other third-party applications that use the WebP image library.
What do I need to do?
Please review all managed third-party software for security bulletins and update each application to its latest build. For devices managed through Addigy, you can push out the latest third-party software using Smart Software, Public Software, or Apps & Books. You can also push out the latest macOS, iOS, and iPadOS versions through System Updates via MDM.
At the time of writing this post, we are only aware of Google Chrome and Apple pushing out releases.
We will be updating Addigy Public Software as updates arrive.
Is Addigy's production environment using the WebP image library?
The Addigy Platform does not use the WebP image library and therefore is not affected by this vulnerability. As always, our Security and Operations teams are reviewing security best practices and vulnerability reports from trusted sources to make sure your data and managed devices are secure.
If you need any additional information or assistance, please reach out to our Addigy Support team - firstname.lastname@example.org.