Severe Zimbra Flaw Runs Malicious Code Directly in Your Inbox

https://hothardware.com/contentimages/NewsItem/71095/content/16x9_2133x1200_highres-zimbra.jpg

The open source, enterprise email software Zimbra was recently updated to version 10.1.19, and parent company Synacor urged users to update as soon as possible. Specifically, the update addresses a vulnerability in the Classic Web Client, where malicious emails could execute arbitrary code when opened due to a cross-site scripting (XSS) exploit, compromising the security of the account and machine. As The Hacker News notes, XSS flaws have been commonly used to target web email servers like Zimbra since as far back as December 2021.

Zimbra's software has becomes a target for malware execution

Since older versions of Zimbra's Classic Web Client are considered highly vulnerable, all users and organizations are advised to upgrade to Zimbra version 10.1.19 as soon as possible. No attacks are currently documented with this specific XSS exploit at this point in time, but it is important to keep security software up-to-date before an exploit becomes...

Copyright of this story solely belongs to hothardware.com. To see the full text click HERE

Read more