Antonio Nappa

Zimperium - App Analysis Team Lead

Talk Title

What it Takes to Patch High Impact Vulnerabilities: A Retrospective on WebP CVE


Salle Blin




12:25 > 20 min


on Twitter

In an exhaustive analysis of Flutter's ecosystem, we found that 204 versions harbor vulnerabilities linked to the WebP image format. Our initial assessments of applications from leading tech entities offer a glimmer of hope, showcasing that significant players have adopted stringent measures to combat this vulnerability. However, this optimism dims when examining a broader array of apps through a random sample, which reveals a normal distribution of vulnerability exposure, indicating a widespread risk across the Android app landscape. So how an average developer can keep up with the security game?
We will showcase methodologies and solutions that could help to stay updated, adhere to security best practices, and integrate "plug and play" security solutions that streamline the process of protecting apps.

Speaker Bio

Antonio Nappa is the Application Analysis Team Leader at Zimperium Inc. He has been in the cybersecurity game since 17 years old. He holds a PhD in Software and Systems from the Madrid Institute of Advanced Studies. He has been a visiting scholar at UC Berkeley. His contributions have been published and recognized in international peer-reviewed venues. Since the DEFCON 2008 Finals, he never goes to sleep with a segfault.