Cisco warns of fresh Webex vulnerabilities

The former networking giant, which has reinvented itself as a IT services and security firm, said it has issued an update to the Webex software to counter multiple security vulnerabilities in Webex WRF player, an archiving utility used to play back recorded audio from Webex recordings.

According to the Cisco advisory, users should be on alert for an update option when the software is launched, as well as ensuring their IT security software is patched and up-to-date.

According to newswire reports, the security vulnerability in Webex was disclosed to Cisco by researchers Xiaopeng Zhang and Zhenhua Liu of Fortinet's FortiGuard Labs.

According to Zhang and Liu's update on the issue, there are six security vulnerabilities, covering the the Windows, Linux and OS X versions of the player, and all are fixed in the latest versions being released by Cisco.

If targeted, the security vulnerabilities could be exploited to allow an attacker to remotely install code on a targeted machine.

Cisco has said, however that far no attacks targeting the flaw have been spotted in the wild.

In its advisory to users, Cisco said: "If the WRF Player was automatically installed, the Webex WRF player will be automatically upgraded to the latest, non-vulnerable version when users access a WRF file hosted on a Webex server."

"If the Webex WRF player was manually installed, users will need to manually install a new version of the player after downloading the latest version."

What’s Hot on Infosecurity Magazine?