Security Researchers Find Critical Zero-Day Exploit in Zoom Messenger

Silviu STAHIE

April 12, 2021

A couple of security researchers have identified a critical zero-day vulnerability in Zoom that allowed them to take control of remote devices without user interaction.

Taking over a remote device over the network without any input from the victim usually means the vulnerability is critical. Since the researchers only demonstrated the exploit chain, no information is available on how it works. We only know that Daan Keuper and Thijs Alkemade from Computest chained three bugs to exploit Zoom messenger.

The only details about the vulnerability appear in a short GIF posted on Twitter by the Zero Day Initiative, the organizers of Pwn2Own, a competition that gathered top white hat hackers from around the world. The researchers compromised a Windows 10 machine with the latest updates and ran the Calculator app.

While the exploit was shown running against Windows systems, macOS machines are also affected. Zoom is already working on a patch to fix the problems, especially since the company is a sponsor of the Pwn2Own Vancouver 2021 competition. Finding out about zero-day vulnerabilities in this type of competition is probably the best-case scenario.

“We are working to mitigate this issue with respect to Zoom Chat, our group messaging product. In-session chat in Zoom Meetings and Zoom Video Webinars are not impacted by the issue,” said the company in a statement to Tom’s Guide. “The attack must also originate from an accepted external contact or be a part of the target’s same organizational account.”

“As a best practice, Zoom recommends that all users only accept contact requests from individuals they know and trust. If you think you’ve found a security issue with Zoom products, please send a detailed report to our Vulnerability Disclosure Program in our Trust Center,” they explained.

Daan Keuper and Thijs Alkemade received a $200,000 prize for their efforts.
