E-PAPER
ADVERTISEMENT
Homespecials
WhatsApp, Cisco Webex have security vulnerabilities, warns CERT-InCERT-In has asked users to update their WhatsApp and Cisco apps immediately.
Rohit KVN
DH Web Desk
Last Updated IST
WhatsApp logo. Credit: Pixabay
WhatsApp logo. Credit: Pixabay

State-run cybersecurity agency Indian Computer Emergency Response Team (CERT-In) has warned that the popular messenger app WhatsApp and Cisco Webex video call service have vulnerabilities that can enable hackers to steal important user-data in phones and PCs.

"Multiple vulnerabilities have been reported in WhatsApp and WhatsApp Business for iOS which could allow a remote attacker to bypass security restrictions or execute arbitrary code on the target system,” CERT-In said in a statement.

As said above, this loophole is found particularly in the iOS version of WhatsApp, and WhatsApp Business. Hackers can misuse Access Control vulneribility in the screen-lock of the application and use Siri digital assistant to make illegal access to WhatsApp even if the iPhone is locked.

ADVERTISEMENT

CERT-In has advised the users to update to the latest WhatsApp update and also iPhone users to upgrade to the iOS 14.2 immediately.

As far as the Cisco Webex video service is concerned, it has Arbitrary Code Execution vulnerability in the Desktop application for Windows PCs.

"A vulnerability exists in virtualisation channel messaging in the Cisco Webex Meeting app and with improper validation of messages processed by the Cisco app, it could allow the attacker to execute arbitrary code on a targeted system. An attacker could exploit this vulnerability by sending malicious messages to the affected software by using the virtualisation channel interface. Successful exploitations of this vulnerability could allow an attacker to modify the underlying operating system configuration, which could allow the attacker to execute arbitrary code with the privileges of a targeted user," CERT-In said.

Cisco Webex app for Windows. Credit: Cisco website

It has also found another vulnerability in the Cisco IOS XR 64-bit software as well. The security loophole could allow an attacker to compromise PXE (Preboot eXecution Environment) boot server and replace a valid software image with a malicious one. Alternatively, a cybercriminal can impersonate the PXE boot server and send a PXE boot reply with a malicious file.

The Indian security agency suggests the Cisco Webex and IOS XR 64-bit software users update their applications immediately to avoid getting hacked.

Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.

ADVERTISEMENT
(Published 11 November 2020, 13:32 IST)
WhatsAppDH TechhackingCyber CrimesCERT-INCisco Webex
India
Opinion
Karnataka
India Politics
Sports
Entertainment
Technology
World
Specials
Sign up for Newsletters
The Printers Mysore Ltd
Prajavani
Sudha
Mayura
Epaper
Classifieds
Contact
About
Privacy Policy
Terms
Disclaimer
Grievance Redressal