
Two Zoom Zero-Day Flaws Uncovered
2020-04-01 16:00

UPDATE. Two zero-day flaws have been uncovered in Zoom's macOS client version, according to researchers.

The two flaws, uncovered by Patrick Wardle, principal security researcher with Jamf, emerge as Zoom comes under increased scrutiny over its security measures, particularly with more employees working from home over the past few weeks due to the coronavirus pandemic.

The issue stems from the Zoom installer using the AuthorizationExecuteWithPrivileges application programming interface function, which is used to install the Zoom macOS app without any user interaction.

The second zero-day flaw gives attackers Zoom's mic and camera access, allowing them to record Zoom meetings or snoop on victims' personal lives, without a user access prompt.

On Tuesday, security researchers uncovered a Universal Naming Convention path injection vulnerability in the Zoom Windows client, which could enable attackers to steal Windows credentials of users.


News URL

https://threatpost.com/two-zoom-zero-day-flaws-uncovered/154337/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zoom 56 4 67 57 10 138