You should upgrade your app as soon as possible if you conduct all of your video meetings and virtual get-togethers using the Zoom app. Because of a vulnerability in the security system, cybercriminals were able to install malware on your PC as well as your Android and iOS devices. According to the claims, the hackers start by sending a straightforward message to the device that will be attacked, and then they unlawfully install malware on the device. Zoom has admitted that there was a flaw in its system.
Also Read: PC Case Size: 5 Reasons Why it Matters?
According to the available information, the Zoom Client for Meetings is compatible with older versions of Windows, macOS, Linux, and Android operating systems. “The Zoom Client for Meetings (for Android, iOS, Linux, and macOS) prior to version 5.10.0 is unable to correctly validate the hostname during a server switch request. This issue affects all versions of the Zoom Client.” “This problem might be utilised in a more complex attack to deceive an unwary user’s client into connecting to a malicious server while attempting to use Zoom services,” Zoom said in a blog post. “The user would be unaware that they were being tricked into making the connection.” Ivan Fratric, a bug researcher working for Google’s Project Zero, was the one who uncovered the flaw and brought it to Zoom’s attention back in February.
According to a statement made by Fratric in a blog post, “the only skill an attacker needs is to be able to send messages to the victim using Zoom chat over XMPP protocol.” The messages are constructed in a unique manner in order to target unsuspecting people and install malicious programmes on the device of the victim. Even if the user does not connect with the threat message, it will still be injected to his computer or phone. This is the most concerning aspect of the situation. Using this software, it is simple to target a variety of devices, including iPhones, Androids, and computers running Windows.
“This study details a vulnerability chain that, if exploited, might allow a malicious person to take over the account of another user while they are chatting on Zoom. An interaction from the target user is not necessary for the assault to succeed. According to Fratic, the only capability an attacker needs is the capacity to send messages to the victim over Zoom chat while using the XMPP protocol. Zoom has assigned a severity rating of “high” to the threat. It is recommended that all Zoom users download the most recent update, version V5.10.0, and that they avoid accessing any potentially harmful links or interacting with text messages.
