If you're using Zoom – especially at this difficult time to cope with your school, business, or social commitments – make sure you're running the latest version of the popular video conferencing software on your Windows, MacOS, or Linux computers.
No, it's not about the arrival of the much-anticipated "real" end-to-end encryption feature that, according to the latest news, would apparently only be available to paid users. Instead, this latest warning is about two newly discovered critical vulnerabilities.
Cisco Talos cybersecurity researchers announced today that they have discovered two critical security vulnerabilities in the Zoom software that could have allowed attackers to remotely hack into the systems of group chat participants or a single recipient.
Both of the bugs in question are path traversal vulnerabilities that can be exploited to write or plant arbitrary files on systems running vulnerable versions of the video conferencing software, in order to run malicious code.
According to the researchers, successfully exploiting both flaws requires little or no interaction from the targeted chat participants and can be accomplished simply by sending specially crafted messages to an individual or a group through the chat function.
The first vulnerability (CVE-2020-6109) resided in the way Zoom uses the GIPHY service, recently purchased by Facebook, to let users search for and exchange animated GIFs while chatting.
The researchers found that the Zoom application did not check whether or not a shared GIF was loaded from the Giphy service, so an attacker could embed GIFs from a third-party, attacker-controlled server, which Zoom by design caches/stores on the recipient's system in a specific folder associated with the application.
Also, since the application did not sanitize filenames, attackers could have achieved directory traversal, tricking the application into storing malicious files disguised as GIFs anywhere on the victim's system, for example in the startup folder.
The second remote code execution vulnerability (CVE-2020-6110) resided in the way vulnerable versions of the Zoom application process code snippets shared through chat.
"Zoom's chat functionality is based on the XMPP standard and offers additional enhancements to support the rich user experience. One of these enhancements supports the ability to include source code snippets that support full syntax highlighting. The ability to send code snippets requires the installation of an additional plugin, but it is not received. This feature is implemented as an extension of file sharing support," the researchers said.
This feature creates a zip archive of the shared code snippet before sending it, and the archive is then automatically unpacked on the recipient's system.
According to the researchers, Zoom's zip file extraction function does not check the contents of the zip file before extracting it, so the attacker can place any binary files on target computers.
"In addition, a partial path crossing issue allows the specially crafted zip file to write files outside of the intended randomly generated directory," the researchers said.
Cisco Talos researchers tested both bugs in version 4.6.10 of the Zoom client application and reported them responsibly to the company.
Zoom fixed both critical vulnerabilities with version 4.6.12 of its video conferencing software for Windows, macOS, or Linux computers, which was released just last month.