CyberNews Briefs

Two Zoom Zero-Day Flaws Uncovered

Patrick Wardle, a security researcher with Jamf, has uncovered two zero-day flaws in the Zoom macOS client version. The telecom and online class platform vulnerabilities have the potential to give local attackers root privileges, which subsequently allow the attackers to access the victims’ microphone and camera. The two flaws have emerged as the platform is under an increased level of scrutiny over security measures as a global movement towards working from home occurs. Zoom has experienced, naturally, a massive influx in users since US colleges and businesses went virtual.

This week, Wardle and his team stated that the two zero-days should be unsurprising considering Zoom’s history with cybersecurity, however, users should be wary of the application and its security practices. The zero-days require physical access to a victim’s computer, or a post malware infection attack that establishes a preexisting foothold on the system. The flaws stem from the Zoom installer’s use of AuthorizationExecuteWithPrivleges application programming interface (API).

Read More: Two Zoom Zero-Day Flaws Uncovered

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.