Hackers Are Able to Hijack Conference Meetings through Critical Zoom Flaw

Zoom has become increasingly mainstream lately, with up to 750,000 clients worldwide. A flaw could have enabled an attacker to impersonate meeting participants, sidestep screen control messages, and take control of a vulnerable user's computer. Adding further salt to the wound, the defect could also have let the attacker kick participants out of a meeting. The flaw is tracked as CVE-2018-15715, and Zoom has now patched it in its new 4.1.34814.1119 update. The issue itself is an unauthorized command execution, which attackers exploit by sending spoofed UDP packets that Zoom's servers construe as trusted. Researchers are imagining that the messages were cryptographically signed by whoever sent them. Ideally, flaws of this nature would be patched through an automatic update, but Zoom has released the fix as a manual update.

Analyst Notes

Because attacks of this nature are so rare, the only suggestion is to keep up with news on patches and update the software accordingly, since the update is manual.
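
An added example, not part of the original flash or any Zoom tooling: because the fix ships as a manual update, an audit of a software inventory can show which hosts still run a client older than the 4.1.34814.1119 build named above. The CSV layout, column names and host names are assumptions and the sample rows are constructed; it also assumes every listed client follows the same version line as that build.

```python
import csv
import io

# Fixed client build named in the article above.
PATCHED = "4.1.34814.1119"

# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = """host,zoom_version
ws-001,4.1.34814.1119
ws-002,4.1.33259.0925
ws-003,4.1.9999.1
ws-004,4.2.35000.1203
ws-005,unknown
ws-006,4.1.34814
"""

def parse_version(text):
    """Turn '4.1.34814.1119' into (4, 1, 34814, 1119); None if malformed."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text, patched=PATCHED):
    """Return 'patched', 'needs-update' or 'unknown' for one version string."""
    have, want = parse_version(version_text), parse_version(patched)
    if have is None:
        return "unknown"  # surface for manual review, never assume patched
    # Pad to equal length so '4.1.34814' compares as 4.1.34814.0.
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    # Numeric comparison: as plain strings, '9999' would sort above '34814'.
    return "patched" if have >= want else "needs-update"

def audit(inventory_csv):
    """Map each host in the CSV text to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["zoom_version"]) for r in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual look, since an unparseable version string says nothing about whether the update was applied.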