• Zoom has patched a number of security issues

    From TechnologyDaily@1337:1/100 to All on Wed May 25 13:30:04 2022
    Zoom has patched a number of security issues

    Date:
    Wed, 25 May 2022 12:15:43 +0000

    Description:
    One of the flaws allowed for remote code execution, with Zoom users urged to patch immediately.

    FULL STORY ======================================================================

    Zoom has patched several security vulnerabilities, including a high-severity one that could allow attackers to remotely execute code on the target endpoint.

    The bug, first discovered by Google Project Zero security researcher Ivan Fratric, can be exploited without any interaction on the victim's side.

    "The only ability an attacker needs is to be able to send messages to the victim over Zoom chat over XMPP protocol," Fratric said in his explanation of the flaw.

    Zoom security flaws

    Tracked as CVE-2022-22786, the flaw revolves around the fact that Zoom's server and its client use different XML parsing libraries, and as a result, XMPP messages get parsed differently by the two. It's only found on Windows devices.

    By sending a specific message, an attacker can force the target client to connect to a middle server and install an old, 2019 version of Zoom. That helps the attacker launch a more devastating attack.

    "The installer for this version is still properly signed, however, it does not do any security checks on the .cab file," the researcher explained. "To demonstrate the impact of the attack, I replaced Zoom.exe in the .cab with a binary that just opens Windows Calculator app and observed Calculator being opened after the 'update' was installed."


    The flaw was addressed in the video conferencing platform's latest update.
    All users are urged to patch to version 5.10.0 as soon as possible. This
    patch also fixes a number of other vulnerabilities, including one that
    enables sending user session cookies to a non-Zoom domain.

    Other vulnerabilities fixed in this patch are tracked as CVE-2022-22784, CVE-2022-22785, and CVE-2022-22787 and have been observed on Android, iOS, Linux, macOS, and Windows operating systems.

    According to ZDNet, Fratric first discovered the flaws in February this year, while Zoom fixed them a little under two months later, on April 24.

    Via: ZDNet



    ======================================================================
    Link to news story: https://www.techradar.com/news/zoom-has-patched-a-number-of-security-issues/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)