Highlights:
- A Zoom security flaw allows hackers to send malicious links to users.
- To breach the user’s system and install malware, the hacker only has to send a message to a Zoom user over the XMPP protocol.
- Zoom called it a high-level security concern and urged all customers to upgrade their software to the latest version as soon as possible.
Zoom is a popular video conferencing platform that has gained popularity in the last two years. This has attracted further unwanted attention from hackers, who may now exploit a new vulnerability in the platform.
Zoom contains a security flaw that allows attackers to install malware on the device without notifying the user. The vulnerability was discovered in the Zoom Client for Meetings platform, which is available for Android, iOS, macOS, Windows, and Linux. According to Zoom, the issue was identified in version 5.10.0, which fails to correctly validate the hostname during a server switch request.
Also Read: Best Phone Cleaner App For Android
“This issue could be used in a more sophisticated attack to trick an unsuspecting user’s client to connect to a malicious server when attempting to use Zoom services,” Zoom noted in a blog post.
Zoom learned about the issue from Ivan Fratic, a bug hunter from Google’s Project Zero team. Frantic notified Zoom of the security flaw in February of this year, and the issue was rectified with an upgrade.
As a result, if you are using a version of the Zoom Client prior to 5.10.0, the company is requesting that you upgrade the software immediately. It also warns users not to click on any links from unknown sources that may contain malware.
Millions of people use Zoom for personal and commercial purposes. The last thing you want is malware contaminated software that has the ability to damage the user in a number of ways.
Issues like these arise on a daily basis, and it is important that companies have a strong security mechanism in place to combat any threat. Updates are an important part of this process since they assist the software in fixing the flaw and providing stronger protection against other zero-day issues that may arise in the future.
