Security News > 2021 > March > Cisco addresses critical bug in Windows, macOS Jabber clients
Cisco has addressed a critical arbitrary program execution vulnerability impacting several versions of Cisco Jabber client software for Windows, macOS, Android, and iOS. Cisco Jabber is a web conferencing and instant messaging app that allows users to send messages via the Extensible Messaging and Presence Protocol.
The vulnerability does not affect Cisco Jabber client software configured for Team Messaging or Phone-only modes.
"A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, which could result in arbitrary code execution," Cisco's advisory explains.
Vulnerable software includes Cisco Jabber for Windows, macOS, Android, or iOS, versions 12.9 or earlier.
Cisco released security updates for four other medium and high severity Cisco Jabber vulnerabilities.
Cisco also published 37 other security advisories today, detailing security updates for other medium and high severity security flaws in multiple Cisco products.
News URL
Related news
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (source)
- Fake AI video generators infect Windows, macOS with infostealers (source)
- Windows, macOS users targeted with crypto-and-info-stealing malware (source)