Security News > 2021 > March > Cisco addresses critical bug in Windows, macOS Jabber clients
Cisco has addressed a critical arbitrary program execution vulnerability impacting several versions of Cisco Jabber client software for Windows, macOS, Android, and iOS. Cisco Jabber is a web conferencing and instant messaging app that allows users to send messages via the Extensible Messaging and Presence Protocol.
The vulnerability does not affect Cisco Jabber client software configured for Team Messaging or Phone-only modes.
"A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, which could result in arbitrary code execution," Cisco's advisory explains.
Vulnerable software includes Cisco Jabber for Windows, macOS, Android, or iOS, versions 12.9 or earlier.
Cisco released security updates for four other medium and high severity Cisco Jabber vulnerabilities.
Cisco also published 37 other security advisories today, detailing security updates for other medium and high severity security flaws in multiple Cisco products.
News URL
Related news
- LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile (source)
- CISA tags Windows, Cisco vulnerabilities as actively exploited (source)
- Critical Cisco Smart Licensing Utility flaws now exploited in attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Mozilla warns Windows users of critical Firefox sandbox escape flaw (source)
- Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices (source)