New Silent Digital Threat: Update Your Software Now

The digital landscape is a constantly evolving space, filled with immense opportunities for growth and lurking perils that can jeopardize your business. Right now, there’s a pressing concern that could impact your digital security without you even knowing it.

 

Why You Should Care

Have you ever wondered why web pages load at lightning speed these days? One of the reasons is a technology that compresses images to a size that makes it quicker to load on your screen. This technology is called WebP, and it’s been developed by tech giant Google. It’s found in many places you’d least expect—your web browsers like Chrome, Firefox, and Edge, and even in various software applications.

The team of experts behind WebP uses a library called Libwebp to make this magic happen. However, a recent vulnerability, known officially as CVE-2023-4863, has been discovered in this Libwebp library. This bug acts like a skeleton key that can open a door to your sensitive data and potentially corrupt your systems. Even Apple, Google, and Mozilla have rushed to patch this issue in their respective browsers.

For a more technical breakdown, you can visit this link.

 

What It Means for Your Business

Think of your computer system as your digital store. Just like how you wouldn’t leave your physical store unlocked overnight, you wouldn’t want your digital store left vulnerable either. This bug is like a flaw in the lock of your store’s door. Ignoring this issue could lead to cybercriminals walking straight into your systems, snooping around, and even causing havoc that could cost you both money and reputation.

Companies like Palo Alto Networks, Microsoft, and 1Password have already been quick to assess the impact and reassure their users. But how can you assure your own business’s safety?

 

The Call to Action: Update Now

Fortunately, fixing this issue is as simple as updating the affected software. If you use Chrome, Firefox, Edge, or any other software that relies on the Libwebp library, make sure they are all up to date. Most of these updates happen automatically, but it’s worth taking a moment to manually check if you’re not sure.  We are still discovering more software that utilize this WebP codec, but are unsure which ones actually could be exploited to use the vulnerability.  Here is a short list of some software from the WebP wikipedia.

  • 1Password
  • balenaEtcher
  • Basecamp 3
  • Beaker (web browser)
  • Bitwarden
  • CrashPlan
  • Cryptocat (discontinued)
  • Discord
  • Eclipse Theia
  • FreeTube
  • GitHub Desktop
  • GitKraken
  • Joplin
  • Keybase
  • Lbry
  • Light Table
  • Logitech Options +
  • LosslessCut
  • Mattermost
  • Microsoft Teams
  • MongoDB Compass
  • Mullvad
  • Notion
  • Obsidian
  • QQ (for macOS)
  • Quasar Framework
  • Shift
  • Signal
  • Skype
  • Slack
  • Symphony Chat
  • Tabby
  • Termius
  • TIDAL
  • Twitch
  • Visual Studio Code
  • WebTorrent
  • Wire
  • Yammer

 

Need Help? We’re Here for You

For businesses without an IT department, or for those who just don’t have the time to focus on these issues, we can help. Keeping your software updated is just the first step in securing your digital landscape.

Book a call with us here to discuss how we can assist you in handling these updates and in setting up a comprehensive plan to protect your business from future vulnerabilities.

Remember, an ounce of prevention is worth a pound of cure. Don’t wait until it’s too late; protect your business today.