
Zoom vulnerabilities could give attackers webcam, microphone access


The popular video conferencing company Zoom has been under scrutiny over the past few days for the method used to install the Mac version of its app, which essentially abused a "preflight" compatibility check to install the app without the user needing to explicitly grant installation permission, as highlighted by developer Felix Seele earlier this week.

According to researchers at Bleeping Computer, Zoom allows hackers to steal Microsoft Windows passwords. He urged users to immediately apply the patches.

Yuan acknowledged that the huge influx of new users, including smaller businesses as well as consumers looking to connect with friends and family, has put stress on the platform and led to the detection of security vulnerabilities. The company is now planning a 90-day review to address these issues and is freezing adding new features.

"We are actively investigating and working to address these issues".

"Today, we uncovered two (local) security issues affecting Zoom's macOS application", said Wardle in a post this week. "Because the API does not validate the binary that will be executed (as root!) ...meaning a local unprivileged attacker or piece of malware may be able to surreptitiously tamper or replace that item in order to escalate their privileges to root (as well)", Wardle writes.

Zoom's programming choices here could allow malicious code to record users' video conferences and surreptitiously access microphones and cameras, with people receiving no warning prompts. The zero-days require physical access to a victim's computer, or a prior malware infection that has already established a foothold on the system.


The Intercept would also go on to report that Zoom's meetings aren't protected by end-to-end encryption, despite the company claiming several times in its marketing that its product uses the feature.

'However if you value either your (cyber) security or privacy, you may want to think twice about using (the macOS version of) the app'.

"Zoom should not render UNC paths as hyperlinks is the fix, I have notified App as I disclosed it on Twitter", security researcher Matthew Hickey told analysts.
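
The fix Hickey describes, sketched as the link-rendering check of a chat client. This is an added example, not Zoom's code: the function names, the http/https allowlist and the sample message are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist: only these schemes may become clickable links.
ALLOWED_SCHEMES = {"http", "https"}

# Share-style references that must stay plain text:
# \\host\share, \\?\UNC\host\share, //host/share, file://host/share
UNC_RE = re.compile(r"^(?:\\\\|//|file:)", re.IGNORECASE)

# Constructed sample chat message (not taken from the article).
SAMPLE = r"notes at https://example.com/agenda and \\fileserver.example\share\notes.txt"


def is_unc_like(token: str) -> bool:
    """True for tokens that name a network share or a file: URL."""
    return bool(UNC_RE.match(token))


def is_safe_link(token: str) -> bool:
    """Linkify only absolute http(s) URLs that have a host; never UNC paths."""
    # Reject backslashes anywhere: some URL handlers treat them as slashes,
    # so "http:\\host\share" could otherwise slip past the scheme check.
    if is_unc_like(token) or "\\" in token:
        return False
    try:
        parts = urlsplit(token)
    except ValueError:  # malformed URL, e.g. an unclosed IPv6 bracket
        return False
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.hostname)


def render_message(message: str) -> list[tuple[str, bool]]:
    """Split a chat message into (text, clickable) segments."""
    return [(tok, is_safe_link(tok)) for tok in message.split()]


if __name__ == "__main__":
    for text, clickable in render_message(SAMPLE):
        print("LINK " if clickable else "TEXT ", text)
```

Deciding by allowlist rather than by blocking known-bad prefixes means any scheme or path form not explicitly permitted stays inert text.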

Vice reports that "by analyzing the network traffic of the Zoom iOS app, Motherboard found that when opened, the app sent information about the user's device such as the model, the city and timezone they are connecting from, which phone carrier they are using, and a unique advertiser identifier created by the user's device". Exposed users' data included IP addresses and device model. Zoom has now stopped that data sharing practice and updated its privacy guidelines (see: Zoom Stops Transferring Data by Default to Facebook).

Zoom faces a variety of privacy and security issues this week, and the company is already responding to some of them fairly quickly.
