New Zoom bugs that could let attackers hack you with a simple message

Four new flaws in Zoom allowed attackers to hack you simply by sending you a message.

The popular Zoom video conferencing service has already resolved four security issues that could be used to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and executing malicious code.

The four bugs, CVE-2022-22784 through CVE-2022-22787, carry severity ratings between 5.9 and 8.1. All four were discovered in February 2022 by Ivan Fratric of Google Project Zero.

The list of flaws is as follows:
CVE-2022-22784 (CVSS score: 8.1) - Improper XML parsing in Zoom Client for Meetings
CVE-2022-22785 (CVSS score: 5.9) - Improperly constrained session cookies in Zoom Client for Meetings
CVE-2022-22786 (CVSS score: 7.5) - Update package downgrade in Zoom Client for Meetings for Windows
CVE-2022-22787 (CVSS score: 5.9) - Insufficient hostname validation during server switch in Zoom Client for Meetings

Successfully exploiting these issues could allow an attacker to force the Zoom client to impersonate a Zoom user, connect to a malicious server, and even download a malicious update, resulting in arbitrary code execution.

Fratric called the attack a case of "XMPP Stanza Smuggling", adding that "a user may be able to falsify messages as if they were coming from another user" and that "an attacker may send control messages that will be accepted because they appear to be coming from the server".

CVE-2022-22786 affects Windows, while CVE-2022-22784, CVE-2022-22785 and CVE-2022-22787 affect Android, iOS, , and Windows.

Users of the application are advised to update to the latest version (5.10.0) to mitigate any potential threats resulting from active exploitation of the flaws.

iGuRu.gr The Best Technology Site in Greece

Written by Dimitris
