Experts Insight On Researchers Discovered Multiple Security Vulnerabilities In Zoom

Cybersecurity researcher Mazin Ahmed discovered Zoom vulnerabilities that allowed data theft and malware deployment. According to findings presented at DEF CON 2020, Zoom left a misconfigured development instance exposed that wasn’t updated since September 2019, indicating the server could be susceptible to flaws that were left unpatched.


EXPERTS COMMENTS
Tal Zamir, Founder and CTO,  Hysolate
August 12, 2020
Zoom is one of the most popular non-browser apps these days, and its vulnerabilities should be among enterprises’ primary concerns.
Zoom is one of the most popular non-browser apps these days, and its vulnerabilities should be among enterprises’ primary concerns. Unfortunately, we'll see additional such vulnerabilities and subsequent attacks with collaboration tools such as Zoom, Teams, and Slack, as they all have a wide attack surface. To really protect against endpoint threats in a comprehensive way, enterprises should ado ....
[Read More >>]
Tim Mackey, Principal Security Strategist,  Synopsys CyRC
August 12, 2020
These are also classic attributes of software developed when time to market is a key consideration.
These recent vulnerability disclosures against Zoom highlight the difficulty in securing complex systems and the value of using a threat model for the starting point in any security analysis. In this case, that threat model would’ve highlighted the logging of potentially sensitive information in chat logs while recognizing the potential for a privilege escalation within the Zoom Linux client’s ....
[Read More >>]
Paul Bischoff, Privacy Advocate,  Comparitech
August 12, 2020
Users just need to update their Zoom app to get the latest security patches.
The average Zoom user shouldn't worry too much about these proof-of-concept attacks demonstrated at Defcon. Two of the attacks were against Zoom's Linux client, which accounts for a small percentage of Zoom's total users. They also require the device to have been previously compromised by some other malware. Zoom has since patched these flaws so they never reached zero-day status. Users just need ....
[Read More >>]
Chris Hauk, Consumer Privacy Champion,  Pixel Privacy
August 12, 2020
I believe we will continue to see disclosures such as this in the near future.
The Zoom security flaws are just the latest in an ongoing series of recently discovered flaws leaving users of many apps open to attacks by the bad guys. Luckily, there are white hat cybersecurity researchers like Mazin Ahmed that are working to identify and disclose such security flaws to companies to allow them to plug the holes. I believe we will continue to see disclosures such as this in the ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article