A single textual content is all it took to unleash code-execution worm in Cisco Jabber

Promotional screenshot of collaborative video conferencing app.

Enlarge (credit score: Cisco)

Till Wednesday, a single textual content message despatched by Cisco’s Jabber collaboration software was all it took to the touch off a self-replicating assault that will unfold malware from one Home windows person to a different, researchers who developed the exploit mentioned.

The wormable assault was the results of a number of flaws, which Cisco patched on Wednesday, within the Chromium Embedded Framework that types the muse of the Jabber shopper. A filter that’s designed to dam doubtlessly malicious content material in incoming messages did not scrutinize code that invoked a programming interface referred to as “onanimationstart.”

Leaping by hoops

However even then, the filter nonetheless blocked content material that contained <model>, an HTML tag that needed to be included in a malicious payload. To bypass that safety, the researchers used code that was tailor-made to a built-in animation part referred to as spinner-grow. With that, the researchers have been in a position to obtain a cross-site scripting exploit that injected a malicious payload straight into the internals of the browser constructed into Jabber.

Learn 10 remaining paragraphs | Feedback

Leave a Reply

Your email address will not be published. Required fields are marked *