Experts at McAfee Advanced Threat Research say they were just doing
general studies of Avaya desk phone security when they stumbled on the
reincarnated bug.An attacker could exploit it to take over the phone’s operations, extract audio from calls, and even essentially bug the phone to spy on its surroundings.
“It was kind of a holy crap moment,” says Steve Povolny, McAfee's head of advanced threat research...
Though a fix is now available (again), the McAfee researchers note that it will take time for the patch to distribute out to all the corporate and institutional environments where vulnerable phones are lurking on every desk. more
My past posts about Avaya eavesdropping vulnerabilities.
Update: Avaya is second only to Cisco in the enterprise VoIP market, and is used by almost all of the Fortune 100. The company's response and advisory notice can be found here.
