Zoom Software Vulnerabilities Overview
This report explains a series of Zoom software vulnerabilities along with their impact and current recommendations. The vulnerabilities range from critical to less concerning, depending on the environment. The Zoom meeting software also raises some privacy concerns.
Tactics, Techniques, and Procedures
Zoom virtual meeting software, a staple of communication for myriad organizations, has assumed an important role during the current times in facilitating group conversations for business and personal use.
The software has flaws, though, that may make it a risk factor within the organizations that use it. The important vulnerabilities worth noting from a security perspective are listed below:
- Pathing issue related to UNC – no discernible CVE.
- Privilege Escalation Issues:
  - CVE-2020-11470 – affects the Zoom meeting software up to version 4.6.8 on macOS systems. By abusing a software library, a bad actor can use specified inputs to engage in privilege escalation. It’s possible the bad actor can attain any account on the system in general, but erring on the side of caution is key.
  - CVE-2020-11469 – affects the Zoom meeting software up to version 4.6.8 on macOS systems. This vulnerability allows bad actors to engage in privilege escalation by abusing the installation file. Given the sensitive nature of software installation, it’s highly likely that a malicious actor can reach high in the privilege chain of operating system accounts (root in this case). This vulnerability affects version 4.6.8 of the software.
- General Privacy Concerns – there is possible evidence of links to a development team from a foreign nation state which has potential adversarial intentions. This could be concerning for users, as software naturally mines the environment it runs in for valuable or useful data that can expose aspects of the user environment.
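A version check for the two macOS CVEs listed above, added here as an example and not taken from the report or from Zoom: it reads the client's Info.plist and flags versions up to and including 4.6.8. The install path, the plist keys consulted and the sample version string are assumptions.

```python
import plistlib
import re
from pathlib import Path

# Last affected release named in the report for CVE-2020-11469 / CVE-2020-11470.
LAST_AFFECTED = (4, 6, 8)
# Assumption: default install path of the macOS client (not given in the report).
DEFAULT_PLIST = Path("/Applications/zoom.us.app/Contents/Info.plist")


def parse_version(raw):
    """Return the leading dotted number of a version string as a 3-tuple.

    Tolerates build suffixes such as "4.6.8 (00000.0000)"; returns None
    when the string does not start with a version number.
    """
    match = re.match(r"\s*(\d+(?:\.\d+)*)", "" if raw is None else str(raw))
    if not match:
        return None
    parts = [int(p) for p in match.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(raw_version):
    """True if version <= 4.6.8, False if newer, None if it cannot be parsed."""
    version = parse_version(raw_version)
    return None if version is None else version <= LAST_AFFECTED


def check_plist_bytes(data):
    """Parse Info.plist content (XML or binary); return (version, affected)."""
    info = plistlib.loads(data)
    raw = info.get("CFBundleShortVersionString") or info.get("CFBundleVersion")
    return raw, is_affected(raw)


# Constructed sample Info.plist so the example also runs off a Mac.
SAMPLE_PLIST = plistlib.dumps(
    {"CFBundleShortVersionString": "4.6.8 (00000.0000)"}
)

if __name__ == "__main__":
    data = DEFAULT_PLIST.read_bytes() if DEFAULT_PLIST.exists() else SAMPLE_PLIST
    version, affected = check_plist_bytes(data)
    label = {True: "in reported range", False: "outside reported range",
             None: "version not recognised"}
    print(f"Zoom client {version}: {label[affected]}")
```

A result outside the reported range only means the build is newer than 4.6.8; it says nothing about the UNC path issue, which has no CVE or version range in this report.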
Impact of Zoom Virtual Meeting Vulnerabilities
These vulnerabilities could result in the loss of sensitive information about the user’s experience and the environment the software is running in. They may also allow unauthorized account abuse, leading to high-level privileges being used in the environment.
It’s highly encouraged that you maintain an up-to-date environment and perform strong quality assurance of your environment during times like these. Currently there are no suitable patches out, but we’ll update this when those patches are available. Consider reviewing other software platforms as needed in case switching is an option for your organization. Review the sources section for more information about the software’s activity:
- CVE Details:
- Hacker News Article: https://thehackernews.com/2020/04/zoom-windows-password.html
- Bleeping Computer Article: https://www.bleepingcomputer.com/news/security/zoom-lets-attackers-steal-windows-credentials-run-programs-via-unc-links/
- Zoom’s Press Release: https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/
- Mapping to the Mitre Framework: https://attack.mitre.org/tactics/TA0004/
Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report outlines a “top-of-mind” threat and how it ought to be addressed accordingly.
This informed analysis is based on the latest data available.