Two additional flaws, also patched in September, were also patched Thursday. Researchers with Watchcom, who discovered the flaw, said at the time of the original discovery the implications of the vulnerability are especially serious given the current pandemic-driven work-from-home trend. The flaw ( CVE-2020-26085) has a CVSS score of 9.9 out of 10, making it critical in severity. The bug impacts Cisco Jabber for Windows, Jabber for MacOS and the Jabber for mobile platforms. “This means that it can be used to automatically spread malware without any user interaction,” they told Threatpost on Thursday. This critical bug “does not require user interaction and is wormable, since the payload is delivered via an instant message,” said the researchers at Watchcom who found the flaw. The cross-site scripting bug could have allowed an adversary to execute arbitrary code by merely sending a specially-crafted chat message and compromise a target’s system running the Jabber application. Cisco Systems released an updated patch for a critical vulnerability in its video and instant messaging platform Jabber, originally patched in September.
0 kommentar(er)
