In the old days, video calls could be an absolute nightmare.

A more stable video conferencing platform

Most of these issues have been dealt with, and the service in its current form absolutely deserves its popularity. It's safe to say that Zoom Meetings has been a resounding success, despite some initial controversies regarding lackluster encryption and alleged disregard for user privacy. The idea was to make video conferencing more stable and intuitive, something existing platforms like Skype were struggling with. Minus the root access, of course.

Zoom seemed to come out of nowhere at the start of the pandemic, but the company had been working on their conferencing platform for a long time, launching the first version of the software all the way back in 2013.

Hackers can take advantage of exposed Zoom vulnerabilities quickly, Goodin noted, if Zoom users aren't updated right away. Ars' Dan Goodin noted that his Zoom client didn't actually update when the fix for that issue arrived, requiring a manual download of an intermediate version first. Last May, a Zoom vulnerability that enabled a zero-click remote code execution used a similar downgrade and signature-check bypass. Prior to that, Zoom was caught running an entire undocumented web server on Macs, causing Apple to issue its own silent update to kill the server. Wardle previously revealed a Zoom vulnerability that let attackers steal Windows credentials by sending a string of text. The company settled with the FTC in 2020 after admitting that it lied for years about offering end-to-end encryption. Zoom's software security record is spotty, and at times, downright scary.

(Update: Clarified Wardle's disclosure and update timing.)

You can download the update directly from Zoom or click on your menu bar options to "Check for updates." We wouldn't suggest waiting for an automatic update, for multiple reasons.
Zoom issued a security bulletin later that same day, and a patch for version Zoom 5.11.5 (9788) followed soon after. Wardle disclosed his findings to Zoom before his talk, and some aspects of the vulnerability were addressed, but key root access was still available as of Wardle's talk on Saturday.