21. January 2022

This article has been indexed from

CySecurity News – Latest Information Security and Hacking Incidents

Two critical bugs in videoconferencing app ‘Zoom’ could have led to remote exploitation in users and MMR servers. Natalie Silvanovich of Google’s Project Zero bug-hunting team on Tuesday released an analysis of the security bugs; the vulnerabilities were uncovered as part of an investigation after a zero-click attack was demonstrated at Pwn2Own.

The researcher spotted two different flaws, a buffer overflow issue that impacted both Zoom users and Zoom Multimedia Routers (MMRs), and the second one transmits audio and video content between clients in on-premise deployments. Additionally, the platform possessed a lack of Address Space Layout Randomization (ALSR), a security mechanism that helps to guard against memory corruption assaults.

“In the past, I hadn’t prioritized reviewing Zoom because I believed that any attack against a Zoom client would require multiple clicks from a user,” the researcher explained in a blog post. “That said, it’s likely not that difficult for a dedicated attacker to convince a target to join a Zoom call even if it takes multiple clicks, and the way some organizations use Zoom presents interesting attack scenarios.”

“ASLR is arguably the most important mitigatio

[…]

Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: