Oct 24, 2014 - Cisco WebEx Meeting Center on the Mac OS. Getting Started. Though not Mac-specific, these tutorials. Start/stop sending your video. Converting recordings to MP4 format The WebEx Network Recording Player does not support converting recordings to MP4 format on Mac systems. Linux Webcam video available in view-only mode Users starting or joining a meeting on Linux are not able to share their webcam video; they are only able to see the current speaker video, if it is being shared. Best blu ray dvd drive for mac. • • • • The big security issue of the week is a remote code execution hole related to the Cisco WebEx service. WebEx is a popular collaboration tool for online events such as meetings, webinars and videoconferences. Like many services of this sort, you access online events via your browser, augmented by a special-purpose browser extension. Browser extensions and plugins allow web developers to extend the software features inside your browser with a mixture of scripts and program code, for example to add configuration options or to support new audio and video formats. Of course, when you add another layer of programmatic complexity on top of an already-complex browser, it’s easy to add new security holes, too. Perhaps the best known example of a problematic plugin is, which has provided cybercrooks with such a fruitful source of exploitable security holes over the years that we have long been urging you to try to altogether. The latest security scare of this sort has been dubbed, and it applies to Cisco’s special-purpose. In oher words, if your organisation uses WebEx, you probably have the browser extension installed, and if you have it installed, you may be at risk. According to Tavis Ormandy at Google’s Project Zero, who the bug, there are more than 20 million WebEx users worldwide. So here is our quick checklist to help you decide what to do. What is the WebEx extension CVE-2017-3823 bug? Opening a web link that contains a special “magic string” ( cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html) automatically activates the WebEx extension inside your browser. As part of this activation process, the web link can feed executable code to the WebEx extension (essentially, it can tell WebEx to run an arbitrary Windows program), which will run it automatically without any sort of “Are you sure” or “OK/Cancel” dialog. That’s what is known as Remote Code Execution (RCE) or a drive-by install, one of the most serious sorts of vulnerability, commonly used by cybercriminals to break into your computer and plant malware on your network. Can I simply look out for the giveaway text of the magic string in my browser? If the booby-trapped WebEx URL were a regular clickable link, you would be able to hover over it before clicking on it and thus you could probably spot the subterfuge. But a savvy attacker would embedded the link in an invisble IFRAME, or activate it by a web script, in such a way that the RCE would be kicked off automatically and invisibly. Is this bug being actively exploited in the wild? Not that we know of. [2017-01-25:23:59Z] Q. Which browsers are affected? A., Internet Explorer, Chrome and Firefox on Windows are affected. Microsoft Edge on Windows and all browsers on Mac and Linux are safe. Is there a patch from Cisco? The most recent update for Chrome is Cisco WebEx extension 1.0.7. Cisco about this update at 2017-01-26T19:45Z, having issued and then withdrawn 1.0.3 and then 1.0.5 earlier this week after deeming them “incomplete.” However, at 2017-01-26T19:45Z, Cisco’s official Security Advisory page says: Cisco is currently developing updates that address this vulnerability for Firefox and Internet Explorer. There are no workarounds that address this vulnerability. What can I do while I wait for a fix? Using Microsoft Edge on Windows or any browser on Mac or Linux will shield you from this bug because it doesn’t apply on those platforms. You can also turn off WebEx support in your browser temporarily, thus preventing the Cisco extension or add-on from activating unexpectedly. In Internet Explorer 11, click on the Tools cog in the top right corner and choose the Manage add-ons option: Select the Cisco WebEx LLC add-on and choose Disable to turn it off: In Chrome, click on the vertical three dots in the top right corner and choose the Settings option: Go to the Extensions pane and untick the Enabled box to turn off the Cisco WebEx extension: Q.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
March 2019
Categories |