Zoom users should update their software immediately-Information Technology
Zoom has released a major update to fix critical vulnerabilities that allow hackers to execute code remotely.
Accordingly, the vulnerability is designed to trick Zoom users into connecting to an intermediary server, after which the attacker will initiate further actions. They can spoof the message as if it were from another user, or control all incoming messages from the server as well as yours.
These vulnerabilities were discovered by security researcher Ivan Fratric (of Google Project Zero). “The crook only needs to send a message to the victim through the XMPP protocol to be able to carry out the attack, without any interaction from the user.”
According to the Vulnerability Scoring System (CVSS), the vulnerability on Zoom reached 8.1 points, which shows that this is a pretty serious problem and users should update the application to the latest version as soon as possible. Vulnerabilities affecting the Zoom application on Android, iOSLinux, macOS and Windows.
In addition, this update also fixes the CVE vulnerability CVE-2022-22786 (Windows), which makes the Zoom application unable to correctly check the version of the installation package. As a result, an attacker can trick users into downgrading the application to a less secure version.
According to Xiao Ming (Ho Chi Minh City Law)
at Blogtuan.info – Source: 24h.com.vn – Read the original article here