AlternativeTo Logo

Now patched proof of concept exploits show how vulnerable Cisco Jabber was

almost 2 years ago by IanDorfman

A very recently patched exploit in Cisco's Jabber collaborative work and communication app enabled a single line of code to enable the spread of malware from one Windows-based computer to another.

Though Cisco patched the exploit on Wednesday September 2nd, it was a result of the Chromium Embedded Framework that is used to build and power Jabber. A window in the vulnerability checker for messages allowed for a malicious .exe file to be forced to transfer to a victim's Windows computer via a cross-site scripting attack.

The Watchcom Security Group in Norway uploaded a demonstration of the exploit to YouTube. Cisco's security advisory for it scored a 8.8 out of 10 in terms of severity using the Common Vulnerability Scoring System.

The Windows builds of versions 12.1 through 12.9 are the ones that are vulnerable. The latest release as of this publication, 12.9(1), is available for download via the official Cisco support website.

Further coverage: Watchcom Ars Technica

  • FreeProprietary
  • Windows
  • iPhone
  • iPad

Unifying Communications Across Platforms and Devices.