Zoom has been under the spotlight during the last few months as covid-19 caused most of the world to work from home. It seemed ZOOM was doing much better bit now security researchers have found two critical security issues that could effectively allow hacker to take over your device. So if you are using Zoom especially during this challenging time make sure you are running the latest version.
Zoom patched these vulnerabilities very quickly when Cisco Talos security researchers alerted these issues. But if you have installed the latest version of zoom you should now be mandatory protected.
The bad news is at least one of these security is pretty serious.
What were the two zoom vulnerabilities?
The first vulnerability discovered by Talos was an exploitable path traversal vulnerability in the Zoom app version 4.6.10 related to the GIF functionality.
First  security flaw was tracked as CVE-2020-6109  where it is placed in Zoom leverages GIPHY service which was recently bought by Facebook to let users search and exchange animated GIFs while chatting. Where this security flaw allowed the attacker to embed GIFs from a third-part attacker-controlled server also allowing the attacker to traverse your working directories and tricking the application to save malicious files disguised as GIFs
Talos says there is a server side fix for this issue but the researches believes that it still also requires fix on the client side to completely resolve the security risk
The second  vulnerability fixed in may is a Zoom client application chat code snippet Remote code execution vulnerability tracked as CVE-2020-6110 all the attacker would need to do is trigger this vulnerability by sending a specially crafted message.
Security Improvement
Zoom is currently working ahead to improve its security defense and communicating with security researchers.
The platform is currently being investigated by Newyork Attorney General Letita James who has set out to ensure that the company’s data privacy and security practices are sufficient as it uses.
For more blogs you can subscribe in the email box at right or you could follow us on facebook
stay tuned for more, have a nice day 😊

Further reading

Author Image

About Author
Hisham Elreedy is Digital Electronics Engineer, Graphics Designer, Blogger, Youtuber. Inspired to teach all he knows from his experience in studying undergraduate engineering by creating useful posts