Zoom App Could Let Attackers Access Windows s 234f66 Take Over Your Mac: Reports

One of the security issues within the Zoom app could allow attackers to gain root access of a Mac machine. 73r1h

By Jagmeet Singh | Updated: 2 April 2020 11:29 IST

Zoom App Could Let Attackers Access Windows s, Take Over Your Mac: Reports

Zoom has gained huge popularity due to raise in work from home culture 376w5e

Highlights

Zoom seems to have UNC injection flaw on Windows
Security researchers have also found issues with its macOS version
Zoom, however, is yet to patch the flaws

ment

Zoom meetings are happening all across the globe as a large number of people are currently working from home due to the coronavirus outbreak. The remote culture has indeed resulted in popularity for the video conferencing platform that was earlier trying to compete against Google's Hangouts Meet and Microsoft's Skype. However, its overnight popularity has also brought it into the limelight for security researchers who've started finding its alleged underlying vulnerabilities. Two such researchers claim to have found a security loophole that can give attackers access to Windows s. Another security researcher has noticed two flaws that can be used to silently gain access to a 's Mac and tap into its webcam and microphone.

The first serious flaw claimed to have been Windows client is found to convert networking UNC paths into a clickable link in the chat message. This can be utilised by any attackers to capture Windows s, as noticed by security researcher Matthew Hickey, who operates Twitter @HackerFantastic.

In addition to the UNC injection flaw, the Zoom app is said to have two distinct security loopholes that could allow attackers to gain root access and take over a 's Mac system.

Former NSA hacker and principal security researcher at Jamf Patrick Wardle has macOS version of the Zoom app. Both bugs are said to be initiated by a local attacker, someone who has physical control of the system, as noted by TechCrunch.

The attacker can gain access to the computer once exploited and install malware or spyware, without letting s know about the backdoor entry. The issue that allows unwanted access is due to the installer that can easily be injected with malicious code and used to obtain root-level privileges.

Security researcher Felix Seele also highlighted the allegedly vulnerable macOS installer of the Zoom app in a tweet posted on Wednesday. “Turns out they (ab)use preinstallation scripts, manually unpack the app using a bundled 7zip and install it to /Applications if the current is in the group (no root needed),” he tweeted.

Aside from the unsafe installer, Wardle claims to have been able to find another security bug in the macOS variant of the Zoom app that can allow an attacker to inject malicious code to access the webcam and microphone of the system. The researcher was able to trick the client using his proof-of-concept.

“No additional prompts will be displayed, and the injected code was able to arbitrarily record audio and video,” Wardle wrote in a blog post while elaborating the security flaw.

Zoom hasn't yet fixed any of the reported flaws. However, Gadgets 360 has reached out to the company to understand its take on the fresh vulnerabilities that could impact several s worldwide -- given the growing adoption of the app due to the coronavirus outbreak.

It is important to note that apart from the four new security issues that have been discovered by the security researchers, Zoom was recently in the news for its under scrutiny in the US after s complained about being startled by porn during virtual meetings.

Comments

For the latest reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.