Menu
Cisco patches permission hijacking issue in WebEx Meetings app for Android

Cisco patches permission hijacking issue in WebEx Meetings app for Android

The flaw allowed rogue apps to gain the same permissions as Cisco's app

Cisco has fixed a vulnerability in its WebEx Meetings application for Android that allowed potentially rogue applications to hijack its permissions.

The issue, which affected all versions of the app older than 8.5.1, stemmed from the way custom application permissions were implemented and assigned at initialization time.

In addition to the default permissions defined by the OS, applications can declare and request custom permissions, a feature that the Android developers recommend be used only if absolutely necessary. It is also possible for apps to request to use custom permissions declared by another application.

An attacker could trick users to download a rogue application to their Android device and then use it to exploit the WebEx vulnerability to gain the same permissions, Cisco said in an advisory Tuesday.

Cico WebEx Meetings is a Web conferencing application that supports two-way video communications. Its permissions are extensive and include: access to find, add and remove accounts and contacts from the device; access to take pictures and record audio and access to read and modify the contents of the USB storage.

Users should make sure that they're running Cisco WebEx Meetings 8.5.1 or newer. The latest version is available on Google Play.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

Ingram Micro completed its nationwide roadshow in Auckland last month, kicking off its Innovation Hour series with Hewlett Packard Enterprise. Uncovering the latest in storage, networking and servers, the event outlined key market trends for resellers in 2016 and beyond.

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise
IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

FireEye welcomed 143 channel partners and distributors to FireEye's 2016 annual Partner Conference, FireEye A/NZ Momentum - held at Establishment in Sydney. Delegates heard from senior trans-Tasman channel leaders, marketing and the product divisions in the morning, with FireEye customers, incident responders and threat intelligence analysts sharing knowledge during the afternoon.

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference
Show Comments