In case you missed the news, there's a critical 0day in WebP (a heap buffer overflow in the libwepb library) floating about, which was initially issued as
It’s the same exploit that got parched for iOS iMessage a while back. Most apps parsing WebP images have this library in use somewhere, and any of those apps can be tricked into executing malicious code by parsing the image.
Depending on the app, the impact may be small (only parsing it when you try to open the file, for example) or it could be a silent killer if the image gets parsed the moment a message is received (what iMessage did and what various other apps probably also do).
The update has been out for a while, so as long as you update your apps regularly you’re probably not on any danger. Attackers will need a second exploit to get privilege escalation and do anything useful on mobile operating systems and sandboxed applications (UWP/Flatpak/Snap).
It’s the same exploit that got parched for iOS iMessage a while back. Most apps parsing WebP images have this library in use somewhere, and any of those apps can be tricked into executing malicious code by parsing the image.
Depending on the app, the impact may be small (only parsing it when you try to open the file, for example) or it could be a silent killer if the image gets parsed the moment a message is received (what iMessage did and what various other apps probably also do).
The update has been out for a while, so as long as you update your apps regularly you’re probably not on any danger. Attackers will need a second exploit to get privilege escalation and do anything useful on mobile operating systems and sandboxed applications (UWP/Flatpak/Snap).