
Image: Shutterstock / fizkes
Zoom users are advised to update their clients to version 5.10.0 to patch several holes found by Google Project Zero security researcher Ivan Fratric.
“User interaction is not required for a successful attack. The only ability an attacker needs is to be able to send messages to the victim over Zoom chat over XMPP protocol,” Fratric said in a bug tracker description of the chain.
Looking at the way XMPP messages are parsed differently by Zoom’s server and clients, since they use different XML parsing libraries, Fratric was able to discover an attack chain that ultimately could lead to remote code execution.
By sending a specially crafted message, Fratric was able to trick clients into connecting to a man-in-the-middle server that served up an old version of the Zoom client from mid-2019.
“The installer for this version is still properly signed, however it doesn’t do any security checks on the .cab file,” Fratric said.
“To demonstrate the impact of the attack, I replaced Zoom.exe in the .cab with a binary that just opens Windows Calculator app and observed Calculator being opened after the ‘update’ was installed.”
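The two gaps described above, a signed installer that does not bind the payload it unpacks and an updater that accepts an older build, are what an update client should check before it installs anything. The following is an added illustration, not Zoom’s code and not the fix Zoom shipped: it assumes a hypothetical JSON manifest (delivered inside the signed installer, so trusted once the code signature has been checked) that pins the SHA-256 of the .cab, and it refuses both a payload whose hash does not match and any version older than the one already running. The cab contents and manifests below are constructed stand-ins.

```python
import hashlib
import hmac
import re
from typing import Tuple

# Constructed sample payloads (not real Zoom packages). "MSCF" is the cabinet
# magic; the rest stands in for the packed executable.
GOOD_CAB = b"MSCF" + b"zoom.exe placeholder"
TAMPERED_CAB = b"MSCF" + b"calc.exe placeholder"  # attacker swapped the binary
OLD_CAB = b"MSCF" + b"zoom.exe 2019 placeholder"   # genuine but outdated build

# Hypothetical manifest shape: version plus the pinned hash of the .cab.
# Assumed to arrive inside the signed installer, so its contents are trusted.
MANIFEST = {"version": "5.10.0", "cab_sha256": hashlib.sha256(GOOD_CAB).hexdigest()}
OLD_MANIFEST = {"version": "4.4.0", "cab_sha256": hashlib.sha256(OLD_CAB).hexdigest()}

_VERSION_RE = re.compile(r"^\d+(\.\d+)*$")


def parse_version(v: str) -> Tuple[int, ...]:
    """Dotted numeric version -> tuple so that 5.10.0 sorts above 5.9.0."""
    if not _VERSION_RE.match(v):
        raise ValueError(f"malformed version string: {v!r}")
    return tuple(int(part) for part in v.split("."))


def verify_update(manifest: dict, cab_bytes: bytes, running_version: str) -> Tuple[bool, str]:
    """Return (accept, reason).

    Two independent checks, both of which must pass:
      1. anti-rollback: the offered version must not be older than what runs now;
      2. payload binding: the .cab hash must equal the one pinned in the manifest,
         compared in constant time.
    """
    try:
        offered = parse_version(manifest["version"])
        current = parse_version(running_version)
    except (KeyError, ValueError) as exc:
        return False, f"bad version metadata: {exc}"
    if offered < current:
        return False, f"rollback refused: offered {manifest['version']} is older than running {running_version}"
    digest = hashlib.sha256(cab_bytes).hexdigest()
    if not hmac.compare_digest(digest, manifest.get("cab_sha256", "")):
        return False, "payload hash does not match the signed manifest"
    return True, "ok"


if __name__ == "__main__":
    for label, manifest, cab in (("good", MANIFEST, GOOD_CAB),
                                 ("tampered", MANIFEST, TAMPERED_CAB),
                                 ("downgrade", OLD_MANIFEST, OLD_CAB)):
        print(label, verify_update(manifest, cab, "5.9.0"))
```

The downgrade case is the instructive one: the old package passes the hash check against its own manifest, so a hash alone is not enough; only the version comparison stops it. Conversely, the tampered cab carries the right version but the wrong hash, which is the check the quoted installer lacked.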
In its security bulletin published last week, Zoom said the security researcher also found a way to send user session cookies to a non-Zoom domain, which could allow for spoofing.
The CVE-2022-22786 vulnerability that allowed for downgrading the client only impacted Windows users, while the other three issues (CVE-2022-22784, CVE-2022-22785, and CVE-2022-22787) impacted Android, iOS, Linux, macOS, and Windows.
Fratric discovered the vulnerabilities in February, with Zoom patching its server-side issues the same month and releasing updated clients on April 24.