Now-patched proof-of-concept exploits show how vulnerable Cisco Jabber was

Written 19 days ago by IanDorfman

A very recently patched vulnerability in Cisco's Jabber collaborative work and communication app allowed a single line of code to spread malware from one Windows-based computer to another.

Cisco patched the exploit on Wednesday, September 2nd. The flaw was a result of the Chromium Embedded Framework that is used to build and power Jabber. A gap in the vulnerability checker for messages allowed a malicious .exe file to be forcibly transferred to a victim's Windows computer via a cross-site scripting attack.

The Watchcom Security Group in Norway uploaded a demonstration of the exploit to YouTube. Cisco's security advisory scored it 8.8 out of 10 for severity using the Common Vulnerability Scoring System.

The Windows builds of versions 12.1 through 12.9 are the ones that are vulnerable. The latest release as of this publication, 12.9(1), is available for download via the official Cisco support website.

Further coverage:
Watchcom
Ars Technica