Several security researchers have identified a new list of vulnerabilities in Zoom, the video conferencing platform. Of the vulnerabilities identified, six have reportedly already been patched, and two were discovered in the MacOS platform. These vulnerabilities, when exploited, have the potential to compromise data integrity, escalate privileges, and allow unauthorized access to systems.
One of the high-risk vulnerabilities, identified as CVE-2023-34113, affects Zoom for Windows clients before version 5.14.0 and involves insufficient verification of data authenticity. Attackers can potentially use this vulnerability to escalate privileges and manipulate data, posing a significant threat to system integrity. Another high-severity vulnerability, identified as CVE-2023-34114, affects Zoom for Windows and MacOS clients before versions 5.14.10 and 5.14.0, respectively. An authenticated user with network access can exploit this flaw to disclose sensitive information through the exposure of resources to the wrong sphere.
Additionally, the Zoom VDI client installer prior to version 5.14.0 contains a high-severity vulnerability that allows a malicious user to potentially delete local files without proper permission. This vulnerability was identified as CVE-2023-28603.
The vulnerabilities analyzed in the latest list were identified as medium and low-severity issues. The medium-severity vulnerability, identified as CVE-2023-28600, affects Zoom for MacOS clients prior to version 5.14.0 and involves improper access control, potentially allowing a malicious user to delete or replace Zoom Client files. The low-severity vulnerabilities identified include CVE-2023-28601, which involves improper restriction of operations within the bounds of a memory buffer, and CVE-2023-28602, which relates to improper verification of cryptographic signatures.
Zoom has acknowledged the vulnerabilities and has already developed and released patches and updates to address them. Users are advised to update their Zoom software to the latest version available to protect themselves against potential exploitation.
Zoom’s recent popularity, driven by the COVID-19 pandemic and subsequent lockdowns, has raised concerns over the platform’s security. Researchers at Cyble Research & Intelligence Labs (CRIL) recently reported instances of a malware campaign targeting Zoom users, where the threat actor uses a modified version of the Zoom app to deploy a phishing attack that delivers the IcedID malware. Threat actors have also been found distributing Bumblebee malware through trojanized installers via popular business connection software, including Zoom, Cisco AnyConnect, and Citrix Workspace. The growing popularity of Zoom in business communication has prompted scamsters to launch fraudulent campaigns too.
The Cyber Express recently reported on numerous fraudulent websites attempting to impersonate Zoom, infecting victims’ devices with malware. In this case, the Zoom homepage was mimicked by a new campaign that uses identical designs, user experience, and buttons to entice people to download the app. The Vidar Stealer malware is downloaded to the system whenever the user installs the software package that was thought to be the Zoom app. This malware immediately begins to spread across the system and can cause significant damage.
Zoom users are urged to update to the latest version of the software to mitigate the risks posed by the identified vulnerabilities. Additionally, users are advised to exercise caution when downloading Zoom and always verify the authenticity of emails and websites related to the app.