Home स्मार्टफोन Zoom Security Flaw Lets Hackers Take Control of Your PC, Patch to...

Zoom Security Flaw Lets Hackers Take Control of Your PC, Patch to be Issued Soon


Zoom has already had its fair share of cyber security issues for a lifetime, and the video conferencing app took a while (and Alex Stamos) to steady its ship on the security front after finding unexpected popularity due to the Covid-19-necessitated work from home mandates. Now, it appears to still have retained a critical security flaw that could allow threat actors with intent to exploit the vulnerability and undertake a remote code execution (RCE) attack to take control of host PCs. The vulnerability was discovered by two Computest cyber security researchers at the recent Pwn2Own competition, organised by the Zero Day Initiative.

For the hack to work, the attacker first needs to be a part of the same organisational domain as the host PC’s user, or needs to be permitted to join the meeting by the host – hence adding one layer of security, if not anything else. However, security and privacy advocates clearly know that social engineering attacks can quite clearly breach barriers such as feigning stolen identities to gain access to private conferences and meetings – although this represents a different cyber security debate altogether.

Nevertheless, with the Zoom vulnerability, once attackers were part of a meeting, they could execute a chain of three malware relays to install an RCE backdoor on the targeted PC. In simpler terms, the attackers can gain access to your PC, and subsequently be able to execute remote commands that would then give them access to your sensitive files. What’s even more alarming here is that the attackers can carry out all of these actions without any user being required to do anything, therefore doing away with an added interaction layer that could have slowed down the potential of such attacks.

Computest researchers Daan Keuter and Thijs Alkemade were awarded a $200,000 (~Rs 1.5 crore) bounty for making the critical discovery, which was also one of the headlining finds of this year’s Pwn2Own. The attack works on both Windows and Mac, and Zoom’s iOS and Android apps haven’t been tested for it, yet. The browser version remains unaffected with it. Since Zoom is yet to patch the flaw, the exact technical details of the vulnerability have not been disclosed to the public, yet. The said patch should arrive on Zoom for Windows and Mac within the next 90 days.

Read all the Latest News and Breaking News here



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Wi-Fi Vulnerabilities Impacting Nearly All Connected Devices Discovered

कई कमजोरियों का पता चला है जो सभी आधुनिक वाई-फाई सुरक्षा प्रोटोकॉल को प्रभावित करने और स्मार्टफ़ोन से लेकर राउटर और यहां तक...

WhatsApp tells on Aarogya Setu, Zomato, Ola, BigBasket, claims that THESE apps collect more data

New Delhi: WhatsApp has filed a petition in the Delhi High court alleging that other Indian mobile applications are collecting even more data...

Unbelievable! Get unlimited data with BSNL Rs 98 prepaid plan

New Delhi: With employees working and students studying from the safety and comfort of their homes, there has been an increased demand for...

Xiaomi launches Redmi Note 10S with 6.43-inch AMOLED display, check prices, features and more

New Delhi: After launching Redmi Note 10S in global markets in March, Xiaomi has finally launched the smartphone in India on Thursday (May,...

Recent Comments