Critical Cisco Jabber Bug Could Let Attackers Hack Remote Systems
Mar 25, 2021
Cisco on Wednesday released software updates to address multiple vulnerabilities affecting its Jabber messaging clients across Windows, macOS, Android, and iOS. Successful exploitation of the flaws could permit an "attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition," the networking major said in an advisory. The issues concern a total of five security vulnerabilities, three of which (CVE-2021-1411, CVE-2021-1417, and CVE-2021-1418) were reported to the company by Olav Sortland Thoresen of Watchcom, with two others (CVE-2021-1469 and CVE-2021-1471) uncovered during internal security testing. Cisco notes that the flaws are not dependent on one another, and that exploitation of any one of the vulnerabilities doesn't hinge on the exploitation of another. But in order to do this, an attacker needs to be authenti