WhatsApp, Cisco Webex have security vulnerabilities, warns CERT-In

State-run cybersecurity agency Indian Computer Emergency Response Team (CERT-In) has warned that the popular messenger app WhatsApp and Cisco Webex video call service have vulnerabilities that can enable hackers to steal important user-data in phones and PCs.

. "Multiple vulnerabilities have been reported in WhatsApp and WhatsApp Business for iOS which could allow a remote attacker to bypass security restrictions or execute arbitrary code on the target system,” CERT-In said in a statement.

. As said above, this loophole is found particularly in the iOS version of WhatsApp, and WhatsApp Business. Hackers can misuse Access Control vulneribility in the screen-lock of the application and use Siri digital assistant to make illegal access to WhatsApp even if the iPhone is locked.

. CERT-In has advised the users to update to the latest WhatsApp update and also iPhone users to upgrade to the iOS 14.2 immediately.

. As far as the Cisco Webex video service is concerned, it has Arbitrary Code Execution vulnerability in the Desktop application for Windows PCs.

. "A vulnerability exists in virtualisation channel messaging in the Cisco Webex Meeting app and with improper validation of messages processed by the Cisco app, it could allow the attacker to execute arbitrary code on a targeted system. An attacker could exploit this vulnerability by sending malicious messages to the affected software by using the virtualisation channel interface. Successful exploitations of this vulnerability could allow an attacker to modify the underlying operating system configuration, which could allow the attacker to execute arbitrary code with the privileges of a targeted user," CERT-In said.

. It has also found another vulnerability in the Cisco IOS XR 64-bit software as well. The security loophole could allow an attacker to compromise PXE (Preboot eXecution Environment) boot server and replace a valid software image with a malicious one. Alternatively, a cybercriminal can impersonate the PXE boot server and send a PXE boot reply with a malicious file.

. The Indian security agency suggests the Cisco Webex and IOS XR 64-bit software users update their applications immediately to avoid getting hacked.

. Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech .

WhatsApp, Cisco Webex have security vulnerabilities, warns CERT-In

Follow us on :

Follow Us