Menu
Cisco patches permission hijacking issue in WebEx Meetings app for Android

Cisco patches permission hijacking issue in WebEx Meetings app for Android

The flaw allowed rogue apps to gain the same permissions as Cisco's app

Cisco has fixed a vulnerability in its WebEx Meetings application for Android that allowed potentially rogue applications to hijack its permissions.

The issue, which affected all versions of the app older than 8.5.1, stemmed from the way custom application permissions were implemented and assigned at initialization time.

In addition to the default permissions defined by the OS, applications can declare and request custom permissions, a feature that the Android developers recommend be used only if absolutely necessary. It is also possible for apps to request to use custom permissions declared by another application.

An attacker could trick users to download a rogue application to their Android device and then use it to exploit the WebEx vulnerability to gain the same permissions, Cisco said in an advisory Tuesday.

Cico WebEx Meetings is a Web conferencing application that supports two-way video communications. Its permissions are extensive and include: access to find, add and remove accounts and contacts from the device; access to take pictures and record audio and access to read and modify the contents of the USB storage.

Users should make sure that they're running Cisco WebEx Meetings 8.5.1 or newer. The latest version is available on Google Play.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Show Comments