A recently discovered bug being tracked as CVE-2021-28133 is affecting Zoom users. The flaw lies within the screen sharing function of the application and was tested on versions 5.4.3 and 5.5.4 across both Windows and Linux clients. The bug is allowing for other users to briefly view content from other apps of the person that is sharing their screen. This happens if a second application is layered on top of an application that is already open. SySS researchers Michael Strametz and Matthias Deeg stated, “When a Zoom user shares a specific application window via the ‘share screen’ functionality, other meeting participants can briefly see contents of other application windows which were not explicitly shared.” While this could be very difficult to exploit it still leaves a possibility for information to be viewed unwillingly.
Analyst Notes
Although Zoom has been aware of the flaw since December of 2020, they have yet to make a fix for the bug, but this could be due to how difficult it may be to exploit it. In order to protect themselves and others in the meeting Zoom meeting hosts should require a password to enter the meeting. Keeping unwanted attendees out of meetings will reduce the risk of sensitive information getting stolen. Users should also keep an eye out for a fix from Zoom in the near future.
Source: https://thehackernews.com/2021/03/new-zoom-screen-sharing-bug-lets-other.html?m=1
