Security News > 2021 > March > Zoom Screen-Sharing Glitch ‘Briefly’ Leaks Sensitive Data

Zoom Screen-Sharing Glitch ‘Briefly’ Leaks Sensitive Data
2021-03-18 15:52

A security blip in the current version of Zoom could inadvertently leak users' data to other meeting participants on a call.

The flaw stems from a glitch in the screen sharing function of video conferencing platform Zoom.

"Under certain conditions" if a Zoom presenter chooses to share one application window, the share-screen feature briefly transmits content of other application windows to meeting participants, according to German-based SySS security consultant Michael Strametz, who discovered the flaw, and researcher Matthias Deeg, in a Thursday disclosure advisory.

While this would only occur briefly, researchers warn that other meeting participants who are recording the Zoom meeting are able to then go back to the recording and fully view any potentially sensitive data leaked through that transmission.

"I hope that Zoom will soon fix this issue and my only advice for all Zoom users is to be careful when using the screen sharing functionality and strict 'clean virtual desktop' policy during Zoom meetings."

With the coronavirus pandemic driving more organizations to "Flatten the curve" by going remote over the past year - and thus various web conferencing platforms - Zoom has been grappling with various security and privacy issues, including attackers hijacking online meetings in what are called Zoom bombing attacks.


News URL

https://threatpost.com/zoom-glitch-leaks-data/164876/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zoom 56 4 67 57 10 138