Critical vulnerability in Zoom can be used to remotely activate code

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on pinterest
Pinterest
Share on pocket
Pocket
Share on whatsapp
WhatsApp

A critical day zero vulnerability has been discovered in the video call service Zoom in connection with the white hat security competition Pwn2own organized by Zero Day Initiative, reports Zdnet.

Security researchers Daan Keuper and Thijs Alkemade from Computest demonstrated how a three-bug attack chain could be used to remotely activate code through Zoom on a user’s computer. This without the attacker even having to interact with the user. The attack must have been carried out on Windows as well as Mac.

A more detailed description than that has not been given by the lack of security because Zoom has not yet had time to close it. However, the vulnerability should apply to Zoom Chat and not Zoom Meetings or Zoom Video Webinars. The attacker must also be a contact that the intended victim has accepted.

The discovery of the vulnerability will lead to a total compensation of $ 200,000 to Daan Keuper and Thijs Alkemade. While waiting for the patch to be released, concerned users may use the browser version of Zoom instead of the app.

Also read: 6 tips for you who are a manager at a distance

.

Read Also:  "will no longer be available"
Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on pinterest
Pinterest
Share on pocket
Pocket
Share on whatsapp
WhatsApp

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.