Experts Insight On Researchers Discovered Multiple Security Vulnerabilities In Zoom

Cybersecurity researcher Mazin Ahmed discovered Zoom vulnerabilities that allowed data theft and malware deployment. According to findings presented at DEF CON 2020, Zoom left a misconfigured development instance exposed that wasn’t updated since September 2019, indicating the server could be susceptible to flaws that were left unpatched.

Subscribe
Notify of
guest

3 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Paul Bischoff
Paul Bischoff , Privacy Advocate
InfoSec Expert
August 12, 2020 2:20 pm

The average Zoom user shouldn\’t worry too much about these proof-of-concept attacks demonstrated at Defcon. Two of the attacks were against Zoom\’s Linux client, which accounts for a small percentage of Zoom\’s total users. They also require the device to have been previously compromised by some other malware. Zoom has since patched these flaws so they never reached zero-day status. Users just need to update their Zoom app to get the latest security patches.

Last edited 2 years ago by Paul Bischoff
Chris Hauk
Chris Hauk , Consumer Privacy Champion
InfoSec Expert
August 12, 2020 2:18 pm

The Zoom security flaws are just the latest in an ongoing series of recently discovered flaws leaving users of many apps open to attacks by the bad guys. Luckily, there are white hat cybersecurity researchers like Mazin Ahmed that are working to identify and disclose such security flaws to companies to allow them to plug the holes.

I believe we will continue to see disclosures such as this in the near future. As these tools are put to the test by the at-home workforce, both the good guys and the bad guys will step up efforts to discover security issues in apps and services in heavy use by the at-home workforce.

Last edited 2 years ago by Chris Hauk
Tal Zamir
Tal Zamir , Founder and CTO
InfoSec Expert
August 12, 2020 2:17 pm

Zoom is one of the most popular non-browser apps these days, and its vulnerabilities should be among enterprises’ primary concerns. Unfortunately, we\’ll see additional such vulnerabilities and subsequent attacks with collaboration tools such as Zoom, Teams, and Slack, as they all have a wide attack surface. To really protect against endpoint threats in a comprehensive way, enterprises should adopt OS isolation techniques that move sensitive enterprise apps, data, and credentials into a separate OS that is isolated from riskier external-facing apps.

Last edited 2 years ago by Tal Zamir
Information Security Buzz
3
0
Would love your thoughts, please comment.x
()
x