![]() So it's sort of a chicken and the egg problem for who's to blame here: if Zoom didn't make these paths clickable, no exploit would be possible. That was possible because of some security quirks in NTLM in Windows, which has been causing these types of problems for a long time. ![]() It was reported on Bleeping Computer that, at the time, Zoom would convert network UNC paths into clickable links which, if clicked, could send an NTLM hash over the internet that could compromise login credentials. Previous Zoom Security Issues (Fixed and Otherwise) Windows Login Credentials So let's try not to panic, and instead take a clear-eyed look at Zoom's track record and the current level of security in their product, so we can assess what level of risk it might present and how much to trust it. These Zoom vulnerabilities only become relevant if someone manages to get into your computer, just as leaving cash lying on your kitchen counter only becomes relevant if someone gets in the front door. No security vulnerability exists in a vacuum, and every risk needs to be weighed in the context of how easy it is to exploit, what other layers of security exist around it, and what the consequences might be. How Serious Were Those Vulnerabilities?īoth of these vulnerabilities require that some kind of malware or untrusted user already be on the Mac in question. Zoom's use of a hardened runtime should have prevented the injection of potentially malicious code, but Zoom had a specific exception which allowed for this particular exploit. The second vulnerability allowed malware to gain access to the webcam and microphone, without displaying a prompt or otherwise alerting the user. This exploited some strange software installation practices by Zoom more on that upcoming. The first allowed a local attacker (someone with access to an account on the Mac) to use Zoom installation procedures to get root privilege control of the Mac, compromising the operating system itself. What brought all of this into the public consciousness? Ex-NSA hacker Patrick Wardle publicly disclosed two vulnerabilities. Vulnerabilities Exposed MacOS and Webcams In light of that, let's go through the list of issues that have made the news media rounds and lay out the relevant facts, so you can make an informed decision on whether Zoom is secure enough for you. Thing is, security decisions are never simple, and there isn't one answer for everyone. The question is: should you (or your organization) avoid Zoom? Security is more important than ever right now, with cybercriminals taking advantage of fear and a widespread desire for information. Two recently publicized vulnerabilities brought back into the spotlight a number of previous security and privacy missteps by the video conferencing leader. ![]() With that expanding user base and climbing stock valuation came a greater level of scrutiny. As the global pandemic unfolded, it became a household name while businesses scrambled to transition to remote work, schools began holding classes online, and virtual happy hours became the primary means of socializing. In the spring, the video conferencing app Zoom went from roughly 10 million daily meeting participants to over 300 million.
0 Comments
Leave a Reply. |