Back view of business woman talking to her colleagues about business plan in video conference. Multiethnic business team using laptop for a online meeting in video call. Group of businessmen and businesswomen smart working from home.
Zoom has a sudden surge of users when this pandemic begun. Employers are requiring their people to start working from home and group video calling is in demand. Zoom is the most favorite tool for video meeting, schooling, social talking.
Since zoom is now one of the center of technology used during this crisis. Attackers didn’t missed the chance to find vulnerabilities to it and successfully found one and ultimately used it to make fun.
The Zoom Software Vulnerabilities
One report about this issue was published by ADnews which apparently showed how hacker are able to interrupt a netting and show some pornographic images and spew hate speech.
From the Cisco Talos blog found two major vulnerabilities on the popular video conferencing software. The vulnerability explained that the attacker could use it to execute malicious code on the victims machines.
Zoom client software and Giphy extension (TALOS-2020-1055/CVE-2020-6109)
Code named (TALOS-2020-1055/CVE-2020-6109) the vulnerability found an exploitable path on the Zoom client Installer sofware version 4.6.10 that process messages that includes GIF’s or the Giphy feature.
Originally, only Giphy server could use the feature and process GIF’s messages. The attacker are able to use the path of this connection to inject malicious codes on it and trigger the vulnerability and execute it on the victims machines. We don’t have all day to explain the vulnerability so read here for more information about it.
The second zoom software vulnerability is the feature in which it stores zip files and automatically unpacking and user downloaded compressed file. Zoom does not perform validation during the extracting the files.
The vulnerability allows the attacker to inject binary codes on the zip file and executes it on the victims machine when Zoom automatically extract zip files.
This is not the first time that Cisco has able to find vulnerabilities on the software. Last may they also found one and immediately informed the Zoom technical team on it which was later fixed.
Make sure you have your anti-virus installed to avoid any malicious attacks on your PC that will affect your machine directly.