This report covers a vulnerability found in the popular virtual meeting application Zoom. No patch was known at the time this report was written. The vulnerability may allow meeting participants to see information in a screen-share that they were not authorized to view.
The vulnerability manifests when a user shares a specific application window, such as a web browser: for a brief moment, other meeting participants can see the contents of other open applications in the screen-share. Applications that were not explicitly shared become visible when newly created windows overlay the shared content. Depending on the sensitivity of the environment and the privileges of the affected user, this may increase or reduce the severity of the vulnerability. If the meeting is recorded, anyone watching the recording can pause it and read the contents of the screen-share. In practice the unintentionally shared content can only be read from a recording, because it flickers across the screen-share too fast for the human eye to register in real time. This vulnerability affects the Zoom client through version 5.5.4.
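Because the leaked frames are too brief to notice live but survive in a recording, a defender reviewing a recorded meeting wants to locate them rather than scrub through by hand. The following is an added example, not code from the Avertium report or from Zoom: it models a recording as a sequence of grayscale frames (each a list of 0-255 pixel values, constructed inline here; a real run would feed frames decoded from the video file) and flags short runs of frames that break away from the preceding frame and then snap back to it, which is the flicker pattern the report describes. It generalizes slightly beyond the single-frame case by allowing a run of up to `max_run` frames.

```python
"""Locate transient (flicker) frames in a screen-share recording.

Added example, not part of the original report or of Zoom's software.
A frame is a flat list of grayscale pixel values; frame data below is
constructed so the script runs offline.
"""


def mean_abs_diff(a, b):
    """Mean absolute pixel difference between two equally sized frames."""
    if len(a) != len(b) or not a:
        raise ValueError("frames must be non-empty and the same size")
    return sum(abs(x - y) for x, y in zip(a, b)) / len(a)


def find_transient_runs(frames, threshold=40.0, max_run=3):
    """Return (start, end) index pairs (end exclusive) for runs of at most
    max_run consecutive frames that differ from the frame before them by
    more than `threshold`, after which the picture returns to that earlier
    frame. A change that persists (scrolling, a new page) is not flagged.
    """
    runs = []
    n = len(frames)
    i = 1
    while i < n:
        if mean_abs_diff(frames[i - 1], frames[i]) <= threshold:
            i += 1
            continue
        # Frame i departs from the previous frame; look ahead for a quick
        # return to that previous frame within max_run frames.
        base = frames[i - 1]
        found = None
        for j in range(i + 1, min(i + max_run, n - 1) + 1):
            if mean_abs_diff(base, frames[j]) <= threshold:
                found = j
                break
        if found is not None:
            runs.append((i, found))
            i = found + 1
        else:
            i += 1  # lasting change, not a flicker
    return runs


def run_timestamps(runs, fps):
    """Convert frame-index runs to (start_seconds, end_seconds) pairs."""
    return [(start / fps, end / fps) for start, end in runs]


def build_sample_recording():
    """Constructed 16-pixel frames: a shared window (dark), a window that
    briefly overlays it (bright), and a lasting change at the end."""
    shared = [30] * 16      # the intentionally shared application
    overlay = [200] * 16    # an unshared window popping over it
    new_page = [120] * 16   # shared app itself changes, persistently
    return (
        [shared] * 4 + [overlay] + [shared] * 3
        + [overlay] * 2 + [shared] * 2 + [new_page] * 4
    )


if __name__ == "__main__":
    frames = build_sample_recording()
    runs = find_transient_runs(frames)
    for (s, e), (ts, te) in zip(runs, run_timestamps(runs, fps=30)):
        print(f"transient frames {s}-{e - 1}: {ts:.3f}s to {te:.3f}s")
```

On the constructed sample the two overlay bursts (one frame, then two frames) are reported and the persistent change at the end is not; with real footage, extract frames at the recording's native frame rate and tune `threshold` to the noise level of the encoder so that compression artifacts alone do not trigger a hit.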
We strongly encourage limiting employees' use of screen-sharing with external entities unless a user's job function requires it. Check the vendor's website for updates and update the Zoom client when appropriate.
Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report outlines a “top-of-mind” threat and how it ought to be addressed.
This informed analysis is based on the latest data available.