Zoom became one of the most powerful companies in video conferencing in 2020. In 2019, Zoom reached 10 million active users.
Cybersecurity researcher Mazin Ahmed has described on his blog several shortcomings in Zoom's software that leave it exposed to attackers. Ahmed's report dates back to September 2019, and Zoom fixed the problem on August 3, 2020.
Note that for these attacks to work, an attacker must already have compromised the victim's device by other means. That does not detract from the flaws.
In this context, Ahmed disclosed an issue in the Zoom launcher for Linux that could allow attackers to execute unauthorized software, due to the way “zoom” is launched.
“This is per user certificate pinning and intentionally allows for the user to allow custom certificates,” Zoom said of the certificate injection flaw. “The user can write to their own database, but no other non-root users can. It’s common best practice to have user applications run at their privilege level, as requiring Zoom to run as root would introduce unnecessary security risks to Zoom and our customers.”
“After an internal investigation, we’ve concluded that the behavior was not a memory leak but just our image utility’s best effort at converting a malformed gif into a jpeg,” the company said.
It’s recommended that users update Zoom to the latest version to mitigate any risk arising out of these issues.
The development came as the company resolved a security flaw last month. That flaw allowed attackers to crack the numeric passcode used to secure private meetings on the platform and eavesdrop on participants.