Zoom, the popular video conferencing service, has in recent months experienced exponential growth both in its number of users and in the security problems it has turned out to have. Two new critical vulnerabilities have now been found in the Zoom video conferencing client that would allow an attacker to compromise a victim’s computer by sending specially crafted messages through the tool’s chat. An attacker who manages to exploit these vulnerabilities (CVE-2020-6109 and CVE-2020-6110) could execute malicious code by writing or planting arbitrary files, which lets the attacker make modifications to the compromised system.
Fortunately, the vulnerabilities were detected by Talos, which, following the procedure established for these cases, informed Zoom of the security problems and, although it published the respective CVEs, did not disclose their nature until Zoom had set to work on fixing them.
Critical Zoom vulnerabilities
▸CVE-2020-6109
This vulnerability affects version 4.6.10 of the Zoom client. An attacker can exploit it by sending a specially crafted message to a target user or group. It is related to the way the application handles GIF files and to an anomaly in how it manages file paths.
▸CVE-2020-6110
This vulnerability also affects version 4.6.10 of Zoom. It lies in the way the client processes messages that include code fragments (snippets) shared through the app’s chat. An attacker can exploit it by sending specially designed messages that plant arbitrary binaries, which in a second stage would allow arbitrary code execution without any interaction by the victim.
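Both flaws come down to a chat client writing files whose name is chosen by a remote sender. The following is an added example (not Zoom’s code and not from Talos’ advisory) of how a client can validate such a name before writing: it assumes the file-path anomaly is of the kind where the sender-supplied name can influence where or as what type the file is stored, and the `ALLOWED_EXTENSIONS`, `safe_attachment_path` and `classify_samples` names are this example’s own.

```python
import re
from pathlib import Path
from typing import Dict, Optional

# Extensions the chat feature is expected to store (assumed for this example).
ALLOWED_EXTENSIONS = {".gif", ".txt"}
# A plain file name: one path component, conservative character set.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def safe_attachment_path(store_dir: str, sender_name: str) -> Optional[Path]:
    """Return the destination path for a received attachment, or None if the
    sender-supplied name cannot be written safely.

    The remote sender controls ``sender_name``; the client must not let it
    pick the directory or the file type. Three independent checks apply:
    1. the name is a single component (no separators, not "." or "..");
    2. its extension is one the feature expects;
    3. after resolving, the destination still sits directly inside store_dir.
    """
    base = Path(store_dir).resolve()
    if sender_name in {".", ".."} or not _SAFE_NAME.fullmatch(sender_name):
        return None
    if Path(sender_name).suffix.lower() not in ALLOWED_EXTENSIONS:
        return None
    dest = (base / sender_name).resolve()
    # Containment check is kept even though the regex already forbids
    # separators: the invariant is what matters, not the character set.
    if dest.parent != base:
        return None
    return dest


# Constructed sample names a hostile sender might supply, for illustration.
SAMPLE_NAMES = [
    "cat.gif",                 # ordinary attachment: accepted
    "snippet.txt",             # shared code snippet saved as text: accepted
    "../../.bashrc",           # traversal attempt: rejected
    "..\\..\\startup.gif",     # Windows-style traversal: rejected
    "payload.gif.exe",         # double extension hiding a binary: rejected
    "..",                      # parent directory itself: rejected
]


def classify_samples(store_dir: str = "chat_downloads") -> Dict[str, bool]:
    """Map each sample name to whether it would be written (True) or dropped."""
    return {n: safe_attachment_path(store_dir, n) is not None for n in SAMPLE_NAMES}
```

The containment check is the one to keep even if the naming rules are later relaxed (for example to allow Unicode names), since it does not depend on which characters are permitted.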
I’m very happy to read this. This is the type of manual that needs to be given and not the random misinformation that is at the other blogs. I appreciate your sharing this great doc.