Login

Register

Login

Register

Two Critical Flaws in Zoom Could’ve Let Attackers Hack Systems via Chat | #hackernews | #cybersecurity | #informationsecurity


If you’re using Zoom—especially during this challenging time to cope with your schooling, business, or social engagement—make sure you are running the latest version of the widely popular video conferencing software on your Windows, macOS, or Linux computers.

No, it’s not about the arrival of the most-awaited “real” end-to-end encryption feature, which apparently, according to the latest news, would now only be available to paid users. Instead, this latest warning is about two newly discovered critical vulnerabilities.

Cybersecurity researchers from Cisco Talos unveiled today that it discovered two critical vulnerabilities in the Zoom software that could have allowed attackers to hack into the systems of group chat participants or an individual recipient remotely.

Both flaws in question are path traversal vulnerabilities that can be exploited to write or plant arbitrary files on the systems running vulnerable versions of the video conferencing software to execute malicious code.

According to the researchers, successful exploitation of both flaws requires no or very little interaction from targeted chat participants and can be executed just by sending specially crafted messages through the chat feature to an individual or a group.

The first security vulnerability (CVE-2020-6109) resided in the way Zoom leverages GIPHY service, recently bought by Facebook, to let its users search and exchange animated GIFs while chatting.

Researchers find that the Zoom application did not check whether a shared GIF is loading from Giphy service or not, allowing an attacker to embed GIFs from a third-party attacker-controlled server, which zoom by design cache/store on the recipients’ system in a specific folder associated with the application.

Besides that, since the application was also not sanitizing the filenames, it could have allowed attackers to achieve directory traversal, tricking the application into saving malicious files disguised as GIFs to any location on the victim’s system, for example, the startup folder.

The second remote code execution vulnerability (CVE-2020-6110) resided in the way vulnerable versions of the Zoom application process code snippets shared through the chat.

“Zoom’s chat functionality is built on top of XMPP standard with additional extensions to support the rich user experience. One of those extensions supports a feature of including source code snippets that have full syntax highlighting support. The feature to send code snippets requires the installation of an additional plugin but receiving them does not. This feature is implemented as an extension of file sharing support,” the researchers said.

This feature creates a zip archive of the shared code snippet before sending and then automatically unzips it on the recipient’s system.

According to the researchers, Zoom’s zip file extraction feature does not validate the contents of the zip file before extracting it, allowing the attacker to plant arbitrary binaries on targeted computers.

“Additionally, a partial path traversal issue allows the specially crafted zip file to write files outside the intended randomly generated directory,” the researchers said.

Cisco Talos researchers tested both flaws on version 4.6.10 of the Zoom client application and responsibly reported it to the company.

Released just last month, Zoom patched both critical vulnerabilities with the release of version 4.6.12 of its video conferencing software for Windows, macOS, or Linux computers.

_________________________________________________________________________________________

Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.


[ad_2]
Source link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW