Security Researchers Find Critical Zero-Day Exploit in Zoom Messenger
Two security researchers have identified a critical zero-day vulnerability in Zoom that allowed them to take control of remote devices without user interaction.
Taking over a remote device over the network without any input from the victim usually means that the vulnerability is critical. Since the researchers have only demonstrated the exploit chain, no information is available on how it works. We only know that Daan Keuper and Thijs Alkemade from Computest chained three bugs to exploit Zoom messenger.
The only details about the vulnerability appear in a short GIF posted on Twitter by the Zero Day Initiative, the organizers of Pwn2Own, a competition that gathered top white hat hackers from around the world. The researchers compromised a Windows 10 machine with the latest updates and ran the Calculator app.
While the exploit was shown running against Windows systems, macOS machines are also affected. Zoom is already working on a patch to fix the problems, especially since the company is a sponsor of the Pwn2Own Vancouver 2021 competition. Finding out about zero-day vulnerabilities in this type of competition is probably the best-case scenario.
“We are working to mitigate this issue with respect to Zoom Chat, our group messaging product. In-session chat in Zoom Meetings and Zoom Video Webinars are not impacted by the issue,” said the company in a statement to Tom’s Guide. “The attack must also originate from an accepted external contact or be a part of the target’s same organizational account.”
“As a best practice, Zoom recommends that all users only accept contact requests from individuals they know and trust. If you think you’ve found a security issue with Zoom products, please send a detailed report to our Vulnerability Disclosure Program in our Trust Center,” they explained.
Daan Keuper and Thijs Alkemade received a $200,000 prize for their efforts.