Zoom Zero Day Vulnerability: A New Snapshot of the Zero Day Vulnerability

11/07/2019 16:19:59
Cameras are out of fashion at the moment as phone, tablet and computer cameras continue to get better, further cementing our constant connection to the internet – but are we more visible than we thought? In a Medium post entitled “Zoom Zero Day” this past Monday, researcher Jonathan Leitschuh revealed a serious vulnerability for Zoom users on Apple Mac’s.  For those who don’t know, Zoom is “ the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, collaboration, chat, and webinars across mobile devices, desktops, telephones, and room systems.”  Zoom is listed as a Gartner MQ 2018 Leader for Meeting Solutions.  A quick scroll through the world of happy Zoom customers on their website is a veritable who’s who of capitalism.

Summed up succinctly, Leitschuh writes, “A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business.” The article goes on to detail the vulnerability and the authors attempt to contact Zoom (they were already aware) and suggest a patch. This same vulnerability opens the door for DOS attacks and has a pronounced install vulnerability among other flaws. Leitschuh is not a huge fan of the way Zoom is handling the situation.

“This is essentially a Zero Day. Unfortunately, Zoom has not fixed this vulnerability in the allotted 90-day disclosure window I gave them, as is the industry standard. As such, the 4+ million users of Zoom on Mac are now vulnerable to an invasion of their privacy by using this service. Additionally, due to a lack of sufficient auto-update capabilities, many users continue to run outdated versions of Zoom for months after new releases are shipped leaving them vulnerable to exploits like these.”

Leitschuh has since posted 2 updates, the first after Zoom ensured him the patch was ready and again when he discovered the vulnerability also impacts Ringcentral, an “all-in-one cloud phone, video conferencing, team messaging, contact center, and more. In an interview with Forbes regarding the vulnerability, Zoom stated, “If an attacker is able to trick a target user into clicking a web link to the attacker's Zoom meeting ID URL, either in an email message or on an internet web server, the target user could unknowingly join the attacker's Zoom meeting."

Ouch.

This touches a personal and professional note as Zoom users worldwide scramble to find a patch (ideally). Now that this vulnerability has been exposed, how much responsibility do organizations have to ensure that the problem is isolated on company devices? I think we’d all agree 100%. But how responsible are companies for requiring the fix on employee BYOD devices? Is this even possible? Without total control over security policy network-wide, IT can simply educate employees on performing upgrades and hope they decide to download the patch – or stop using Zoom until the problem is fixed. Most troubling of all is the before mentioned install vulnerability, which means deletion of the app doesn’t necessarily mean the app isn’t still running in the background.

Zoom is a fantastic service designed to connect businesses across the globe – and there will always be vulnerabilities with even the best products. As they do all they can to fix the issue, how should IT departments react and how seriously should they take this potential risk?

Companies utilizing internet access control solution like Sangfor Internet Access Management (IAM) aren’t stressing. As a leading vendor of Network Management solutions, Sangfor’s IAM has been listed in the SWG Gartner Magic Quadrant for 7 consecutive years. Sangfor IAM is a superior Internet behaviour management solution consisting of professional internet bandwidth management, application control, URL filters, traffic control, information control, illegal hotspot/proxy control, behaviour analysis, wireless network management and many more features. This solution can truly help you achieve effective Web Filtering and unified internet behaviour management of all clients in the entire network. Sangfor IAM makes it possible for IT departments to block access to applications like Zoom until they are sure using the application is safe for users and the network.



Screenshot from Sangfor IAM Application Signature Database

Why Sangfor?
Founded in 2000 and a publicly traded company as of 2018 (SANGFOR STOCK CODE: 300454 (CH)) Sangfor Technologies is the global leading vendor of IT infrastructure solutions specializing in Network Security and Cloud Computing. Visit us at www.sangfor.com and get in touch with Sangfor Technologies today to see what we can do to custom build IT solutions to keep you and your data secure and available.

Our Social Networks

Global Service Center:

COPYRIGHT © 2000-2019 SANGFOR TECHNOLOGIES INC. ALL RIGHTS RESERVED.