AVD Classic to be Retired! libwebp Vulnerability Update! Google Discontinues Another Product!

On this week’s episode I cover details shared by Satya Nadella during his testimony in Google’s antitrust case, I dive into the Google Chromebook Plus announcement and the AVD Classic retirement date plus much more!

This episode is brought to you in large part thanks to my sponsors:

Episode 302 is available on Soundcloud:

And on YouTube:

If you’d like to play the Podcast on a different podcast service such as Apple Podcasts, Google Podcasts or Spotify. You can find this episode at 5BytesPodcast.com

Here are this episode’s links as shown in the YouTube video:

Scripts, Tricks and Tips:

Testing Applications in System Context: A Step-by-Step Guide Using PsExec:

https://scloud.work/testing-applications-system-context-psexec/

Blue Sky:

https://bsky.app/profile/rorymon.com

Microsoft and Google’s Tug of War for Apple:

https://mspoweruser.com/microsoft-lose-billions-apple-default-search/

Apple May Be Working on Search Engine:

https://mspoweruser.com/apple-search-engine-to-replace-google/

Libwebp Vulnerability Update:

https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/

On last week’s episode of the podcast I covered the fact that Google revised one of their previous vulnerability disclosures from 3 weeks ago about a Heap Buffer overflow vulnerability and published a new CVE – CVE-2023-5217 which listed a library used for media compression called libwebp as a vulnerable component without much explanation for the progression that lead to them disclosing 2 separate CVEs.

When I scripted last week’s episode a handful of other applications were identified as vulnerable due to also using this library. I also stated this one has the potential to become like the Log4Shell vulnerability last year that resulted in many vendors issuing patches due to relying on a popular library and wouldn’t ya know it, that is exactly what has happened.

Curated List of Vulnerable Apps:

https://docs.google.com/spreadsheets/d/1QLLFYCO0FMAu1ob6mnYCapW8dnx-HXunbf_zc9QLXlM/edit#gid=1774064991

Microsoft’s libwebp Advisory:

https://msrc.microsoft.com/blog/2023/10/microsofts-response-to-open-source-vulnerabilities-cve-2023-4863-and-cve-2023-5217/

Arm Vulnerabilities Being Exploited in the Wild:

https://arstechnica.com/security/2023/10/vulnerable-arm-gpu-drivers-under-active-exploitation-patches-may-not-be-available/

AVD Classic EoL:

https://www.theregister.com/2023/10/03/azure_virtual_desktop_classic_eol/

Apple Agrees to China’s Regulations of App Store:

https://bgr.com/tech/apple-agrees-to-tighten-rules-for-chinese-app-store-no-foreign-apps-allowed/

Chromebook Plus Announcement:

https://www.neowin.net/news/google-officially-confirms-chromebook-plus-laptops-preorders-begin-oct-8-starting-at-399/

Cloudflare Could be Leveraged in DDoS Attacks:

https://www.bleepingcomputer.com/news/security/cloudflare-ddos-protections-ironically-bypassed-using-cloudflare/

Copilot Bugs Identified:

https://betanews.com/2023/10/03/microsoft-admits-what-many-windows-11-users-already-knew-copilot-is-buggy/

Outlook Issues Resolved:

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outlook-prompts-to-reopen-closed-windows/

Tor No Longer Identified as Trojan by Defender:

https://www.bleepingcomputer.com/news/security/microsoft-defender-no-longer-flags-tor-browser-as-malware/

Google Discontinues Another Product:

https://mspoweruser.com/google-discontinue-jamboard-2024/

300th Episode Giveaway:

https://sweepwidget.com/c/73417-0dcho8t4

Full Podcast Episode Guide:
5bytespodcast.com

Check out my site:
Rorymon.com

Twitter:
@Rorymon