Security News > 2021 > March > Cisco addresses critical bug in Windows, macOS Jabber clients
Cisco has addressed a critical arbitrary program execution vulnerability impacting several versions of Cisco Jabber client software for Windows, macOS, Android, and iOS. Cisco Jabber is a web conferencing and instant messaging app that allows users to send messages via the Extensible Messaging and Presence Protocol.
The vulnerability does not affect Cisco Jabber client software configured for Team Messaging or Phone-only modes.
"A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, which could result in arbitrary code execution," Cisco's advisory explains.
Vulnerable software includes Cisco Jabber for Windows, macOS, Android, or iOS, versions 12.9 or earlier.
Cisco released security updates for four other medium and high severity Cisco Jabber vulnerabilities.
Cisco also published 37 other security advisories today, detailing security updates for other medium and high severity security flaws in multiple Cisco products.
News URL
Related news
- Proof-of-concept code released for zero-click critical IPv6 Windows hole (source)
- Week in review: SonicWall critical firewalls flaw fixed, APT exploits WPS Office for Windows RCE (source)
- Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks (source)
- Microsoft Office 2024 now available for Windows and macOS users (source)