Mazin Ahmed, a researcher who presented at DEF CON 28, recently demonstrated some of the bugs/vulnerabilities that he found and reported to Zoom between April and July 2020. While several of these flaws require initial access to systems, the flaws themselves are still fairly significant.
With local access to a victim’s machine, Ahmed demonstrated that malware can use Zoom to launch untrusted applications, or the attacker can exfiltrate Zoom user data and even plaintext chat messages stored on the system. Additionally, malware can inject custom certificate fingerprints into the local Zoom database. Zoom issued a fix for these vulnerabilities and more on August 3rd, 2020.
As a new version of Zoom was released on August 3rd, Binary Defense recommends updating Zoom to the latest version. Additionally, since many of these vulnerabilities required local access to a machine, Binary Defense recommends the use of an EDR or MDR solution, with 24-hour a day monitoring by an internal SOC or a security provider such as Binary Defense’s Security Operations Task Force, in order to detect attacks like these when the attacker gains the initial foothold in a system.
More information can be read at: