Two Critical Flaws in Zoom Could've Let Attackers Hack Systems via Chat

2020-06-03 08:53

Cybersecurity researchers from Cisco Talos unveiled today that it discovered two critical vulnerabilities in the Zoom software that could have allowed attackers to hack into the systems of group chat participants or an individual recipient remotely.

According to the researchers, successful exploitation of both flaws requires no or very little interaction from targeted chat participants and can be executed just by sending specially crafted messages through the chat feature to an individual or a group.

The second remote code execution vulnerability resided in the way vulnerable versions of the Zoom application process code snippets shared through the chat.

Cisco Talos researchers tested both flaws on version 4.6.10 of the Zoom client application and responsibly reported it to the company.

Released just last month, Zoom patched both critical vulnerabilities with the release of version 4.6.12 of its video conferencing software for Windows, macOS, or Linux computers.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/qgszbhEPRd0/zoom-video-software-hacking.html

#chat #critical #hack #zoom

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Zoom		54	4	51	80	12	147