My theory on how the webp 0day was discovered #short
I have spent many hours looking at the webp vulnerability used in the 0day attack against iPhones. In the past videos we have seen why fuzzers have a hard time finding the issue, so I wanted to understand how this was discovered. And I think I have a good theory!
Part 1: Huffman Tables • A Vulnerability to Hack The World - C...
Part 2: Fuzzing libwebp • Finding The .webp Vulnerability in 8s...
Sources:
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
https://googleprojectzero.blogspot.com/2019/08/the-fully-remote-attack-surface-of.html
https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-1.html
https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html
https://github.com/seemoo-lab/frida-scripts/blob/main/scripts/libdispatch.js
https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
https://citizenlab.ca/2023/04/nso-groups-pegasus-spyware-returns-in-2022/
https://github.com/libjxl/libjxl/blob/4b9dbde293f7f282b6952a02340300abfca2b184/lib/jxl/huffman_table.cc#L51
https://github.com/webmproject/libwebp/blob/7861947813b7ea02198f5d0b46afa5d987b797ae/src/dec/vp8l_dec.c#L86C3-L86C76
https://github.com/Tencent/mars/blob/9ab46e19ed3d4fcafe9d0de4b36547321f5ead83/mars/comm/windows/zlib/inftrees.h#L41
https://github.com/google/brunsli/blob/master/c/enc/jpeg_huffman_decode.h#L20
00:00 - Intro
01:18 - The iPhone Remote Attack Surface
02:49 - Targeting iMessage
04:04 - Dangerous Parsing / BlastDoor
06:53 - Image I/O and libwebp
08:11 - A Pattern of Image Vulnerabilities
09:28 - Huffman Tables are Everywhere!
10:50 - My Theory: known issue with enough.c
13:50 - Outro