In a Medium post published today, cybersecurity researcher Jonathan Leitschuh disclosed details of an unpatched critical security vulnerability (CVE-2019-13450) in the Zoom client app for Apple Mac computers which, if combined with a separate flaw, could allow attackers to execute arbitrary code on the targeted systems remotely. Jonathan responsibly reported the security vulnerability to the affected company over 90 days ago, but the Zoom team failed to offer a proper security patch, putting the privacy and security of its over 4 million users at risk.

The vulnerability leverages the click-to-join feature of the popular conferencing software, which has been designed to automatically activate the Zoom app installed on the system, allowing participants to quickly join a video meeting through their web browser as soon as they click on an invite link, for example. Jonathan found that, to offer this feature, the Zoom software runs a local web server on the system, on port 19421, that "insecurely" receives commands through HTTPS GET parameters, and any website open in your web browser can interact with it.
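The design problem described above, a localhost helper that acts on GET parameters from any page, is shown here next to a stricter request policy. This is an added illustration, not Zoom's code or its fix: the origin, header name, `action` parameter, `/launch` path and token provisioning are all hypothetical assumptions.

```python
import hmac
from urllib.parse import parse_qs, urlsplit

# Assumptions for illustration only: origin, header and parameter names are hypothetical.
ALLOWED_ORIGINS = {"https://meetings.example"}
TOKEN_HEADER = "X-Helper-Token"


def weak_policy(method, target, headers):
    """Pattern from the article: act on any GET that carries a command parameter."""
    query = parse_qs(urlsplit(target).query)
    return method == "GET" and "action" in query


def hardened_policy(method, target, headers, session_token):
    """Accept a command only from an allow-listed origin that proves knowledge
    of a per-session secret, and never from the query string of a GET."""
    if method != "POST":
        return False  # embedded resource loads and link clicks are GETs
    if urlsplit(target).query:
        return False  # commands belong in the request body, not in the URL
    if headers.get("Origin") not in ALLOWED_ORIGINS:
        return False  # browsers attach Origin to cross-site POSTs
    supplied = headers.get(TOKEN_HEADER, "")
    return hmac.compare_digest(supplied.encode(), session_token.encode())


# Constructed sample requests: (method, request target, headers).
SAMPLES = {
    "embedded GET from any page": ("GET", "/launch?action=join&id=123", {}),
    "cross-site POST": ("POST", "/launch", {"Origin": "https://other.example"}),
    "first-party POST": ("POST", "/launch", {
        "Origin": "https://meetings.example", TOKEN_HEADER: "s3cr3t-constructed"}),
}


def evaluate(session_token="s3cr3t-constructed"):
    """Return {request name: (weak decision, hardened decision)}."""
    return {name: (weak_policy(*req), hardened_policy(*req, session_token))
            for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for name, (weak, hard) in evaluate().items():
        print(f"{name:28} weak={weak!s:5} hardened={hard}")
```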