Cisco plugs WebEx for Android bug
If you work for the kind of company that imposes the WebEx experience even on mobile users, it’s update time.
A bug rated medium severity by Cisco has emerged, in which a malicious Android app could borrow the permissions held by WebEx Meetings for Android.
Unfortunately, those permissions are quite extensive (app developers just can’t resist the temptation to “ask for everything,” can they?).
WebEx Meetings for Android asks for access to:
Usually, to get that kind of access, a malware-writer would have to trick users into clicking “okay” on an excessive set of permissions (which all too many people would do anyhow). The WebEx slip, it seems to Vulture South, bypasses the “present a button for someone to click” stage.
Cisco claims more than five million installs for the app on its Google Play page.
The bug, according to the Cisco announcement, is “due to the way custom application permissions are assigned at initialisation.”
It applies to all versions of WebEx Meetings for Android prior to 8.5.1. ®
Sponsored:
Go beyond APM with real-time IT operations analytics
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2015/12/02/cisco_plugs_webex_for_android_bug/