A pair of security researchers have uncovered many 0day vulnerabilities in Zoom in recent days that would allow hackers to take over someone's computer, even if the victim does not click.
Zoom told Gizmodo that a server side update was released on Friday to address vulnerabilities. users they do not need to do anything.
The vulnerabilities were identified by Dutch researchers Daan Keuper and Thijs Alkemade from Computest Security, a security company, as part of the competition Pwn2Own 2021 organized by the Zero Day Initiative. Although not many details are known about these vulnerabilities due to the politics of the contest, in essence, the researchers used a chain of three bugs in application Zoom for desktop computers to conduct a remote implementation code on the target system.
The user does not have to click to succeed in the attack. You can see the error below.
We're still confirming the details of the #Zoom exploit with Daan and Thijs, but here's a better gif of the bug in action. # Pwn2Own #PopCalc pic.twitter.com/nIdTwik9aW
- Zero Day Initiative (@thezdi) April 7, 2021
In one statement σχετικά με τη νίκη του Keuper και του Alkemade, η Computest Security ανέφερε ότι οι ερευνητές ήταν σε θέση να αναλάβουν σχεδόν πλήρως τα στοχευμένα συστήματα, εκτελώντας ενέργειες όπως ενεργοποίηση της κάμερας, ενεργοποίηση του μικροφώνου, ανάγνωση email, έλεγχος της οθόνης και λήψη browser history.
In case you forgot, the Zoom was not synonymous with security last year. There were Zoom Bombings that took advantage of Zoom's then loose control measures to drop porn clips and Nazi slogans in online sessions.