RSS Alerts

Related Links

Related Stories

  • Cisco annual information security report highlights
    Cisco has released its annual information security report for 2009 and the year-end analysis makes for some interesting reading, not least because it highlights the impact of social media on network security and the critical role that people - not technology - play in creating opportunities for cybercriminals.
  • Cisco, EMC and VMware form cloud computing coalition
    Cisco, EMC - the parent company to RSA Security - and VMware have formed the Virtual Computing Environment (VCE) coalition, a collaboration designed to boost the adoption of virtualisation in the cloud.
  • Cisco scoops up ScanSafe for US$183 million
    Cisco Systems has announced plans to acquire ScanSafe, the privately held security software company for around US$183 million.
  • The iPod and iPhone could be used for hacking
    Applications on the Apple iTunes website are arguably what makes the iPhone so popular in mobile phone circles, but a growing number of users are unlocking (jailbreaking) their iPhones, for the simple reason that it opens up the mobile to third-party applications. This means the iPod and iPhone could be used for hacking.
  • Information security in China: A license to print money
    With 200 million internet users in China, and a predicted annual growth rate of 17% for the information security market until 2013, why would security vendors want to go anywhere else? William Knight investigates

News

Cisco warns of fresh Webex vulnerabilities

21 December 2009

Cisco has warned users of new vulnerabilities in its Webex conferencing system, the firm which it acquired in March 2007.

The former networking giant, which has reinvented itself as a IT services and security firm, said it has issued an update to the Webex software to counter multiple security vulnerabilities in Webex WRF player, an archiving utility used to play back recorded audio from Webex recordings.

According to the Cisco advisory, users should be on alert for an update option when the software is launched, as well as ensuring their IT security software is patched and up-to-date.

According to newswire reports, the security vulnerability in Webex was disclosed to Cisco by researchers Xiaopeng Zhang and Zhenhua Liu of Fortinet's FortiGuard Labs.

According to Zhang and Liu's update on the issue, there are six security vulnerabilities, covering the the Windows, Linux and OS X versions of the player, and all are fixed in the latest versions being released by Cisco.

If targeted, the security vulnerabilities could be exploited to allow an attacker to remotely install code on a targeted machine.

Cisco has said, however that far no attacks targeting the flaw have been spotted in the wild.

In its advisory to users, Cisco said: "If the WRF Player was automatically installed, the Webex WRF player will be automatically upgraded to the latest, non-vulnerable version when users access a WRF file hosted on a Webex server."

"If the Webex WRF player was manually installed, users will need to manually install a new version of the player after downloading the latest version."

 

This article is featured in:
Application Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water