At the DefCon security conference in Las Vegas, Wardle explained that the attack targets the application's installer, which needs special user permission to install or remove Zoom from a computer.
He found that when a user enters a password, the auto-update function keeps running in the background with privileges to access the information. An attacker who has already gained initial access to the target can then control, add, modify, and remove files on the user's machine.
Some vulnerabilities in the presentation were already resolved by Zoom, as Wardle informed the company in December 2021. Yet, he mentioned that the fix led to another bug and might lead to the same problem.
According to a Zoom spokesperson, the company has already resolved these security issues and recommends that users keep up with the latest update of the application.
In an interview with The Verge, Wardle said that he not only reported the bugs but also showed how to fix them, and then waited six to eight months for the issue to be resolved, knowing that users who have Mac versions of Zoom are at risk.
Zoom also issued a patch one week before the event, and Wardle analyzed another small bug that could allow attackers to exploit the problem.
Wardle stated, "There's always a potential tradeoff between usability and security, and it's important for users to install updates. But if it's opening this broad attack surface that could be exploited, that's less than ideal."
Zoom's Worth Nowadays
The company's stock has fallen by almost 85% compared with its peak at the start of the pandemic lockdowns. That decline cost $135 billion of its market value.
Yet many analysts still expect Zoom to keep strong support post-pandemic, as many employees prefer working from home to going on site. Through this platform, these employees may be able to work more flexibly.
Zoom's Take on Online Terrorism
After receiving criticism from users who experienced 'zoombombing', a form of cyber-harassment in which people interrupt online meetings held over the conference application, the company announced in 2021 its participation in the Global Internet Forum to Counter Terrorism.
Major tech companies such as Microsoft, Amazon, and Meta also participated in the campaign.
The company continues to work on its users' security and to help promote a much safer community by fighting terrorism online.
This article is owned by TechTimes
Written by Inno Flores