fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Cisco Addresses Critical Bug In Windows, MacOS Jabber Clients

Cisco Addresses Critical Bug In Windows, MacOS Jabber Clients

Cisco has addressed a critical arbitrary program execution vulnerability impacting several versions of Cisco Jabber client software for Windows, macOS, Android, and iOS.

Cisco Jabber is a web conferencing and instant messaging app that allows users to send messages via the Extensible Messaging and Presence Protocol (XMPP).

The vulnerability was reported by Olav Sortland Thoresen of Watchcom. Cisco’s Product Security Incident Response Team (PSIRT) says that the flaw is not currently exploited in the wild.

Almost maximum severity rating

The security flaw tracked as CVE-2021-1411 was rated by Cisco with a 9.9/10 severity score, and it is caused by improper input validation of incoming messages’ contents.

Luckily, to exploit this critical bug, attackers need to be authenticated to an XMPP server used by the vulnerable software to send maliciously-crafted XMPP messages to their target’s device.

Additionally, the vulnerability does not affect Cisco Jabber client software configured for Team Messaging or Phone-only modes.

Also Read: Practitioner Certificate In Personal Data Protection: Everything You Need To Know

However, successful exploitation of CVE-2021-1411—which doesn’t require user interaction—can enable authenticated, remote attackers to execute arbitrary programs on Windows, macOS, Android, or iOS devices running unpatched Jabber client software.

“A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, which could result in arbitrary code execution,” Cisco’s advisory explains.

Vulnerable software includes Cisco Jabber for Windows, macOS, Android, or iOS, versions 12.9 or earlier.

Four more Cisco Jabber bugs patched today

Cisco released security updates for four other medium and high severity Cisco Jabber vulnerabilities (tracked as CVE-2021-1417, CVE-2021-1418, CVE-2021-1469, and CVE-2021-1471).

These security bugs could enable remote attackers to execute arbitrary programs, gain access to sensitive information, and trigger denial-of-service states after exploiting them on devices running unpatched software.

Cisco Jabber PlatformAssociated CVE IDs
WindowsCVE-2021-1411, CVE-2021-1417, CVE-2021-1418, CVE-2021-1469, and CVE-2021-1471
macOSCVE-2021-1418 and CVE-2021-1471
Android and iOSCVE-2021-1418 and CVE-2021-1471

Cisco also published 37 other security advisories today, detailing security updates for other medium and high severity security flaws in multiple Cisco products.

Also Read: The DNC Singapore: Looking At 2 Sides Better

In related news, last year, the company fixed two similar critical-level remote code execution bugs [12] found in the Cisco Jabber IM client software, both discovered and reported by Watchcom’s Olav Sortland Thoresen.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us