During the coronavirus pandemic, many people who have been working and learning from home have turned to video chat service Zoom. However, the service has had more than its fair share of issues with security and privacy over the last few months. Two new vulnerabilities have surfaced in the video chat platform that could allow malicious users to execute code on targeted computers.
Both the vulnerabilities were discovered by Cisco Talos, which is a cyber threat intelligence team that provides network security solutions against emerging threats. Cisco Talos adhered to its coordinated disclosure policy, working with Zoom to ensure that both issues were addressed. One of the issues, TALOS-2020-1056, was patched in May. The other is TALOS-2020-1055, and while Zoom issued a server-side update, Cisco Talos believes that this particular issue requires a patch on the client-side to eliminate the security risk.
TALOS-2020-1055 is described as a "Zoom client application chat Giphy arbitrary file write exploit." The security researchers say that a specially-crafted chat message can cause an arbitrary file write, which could be further exploited to achieve code execution on the target machine. To exploit the vulnerability, the attacker would send a message to a user, or group of users. While only Giphy servers were supposed to be used for the feature, the content from an arbitrary server could be loaded. It could then be leveraged to further leak information or exploit additional vulnerabilities.
Vulnerability TALOS-2020-1056 is described as a "Zoom client application chat code snippet remote code execution vulnerability." Talos says an exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages, including shared code snippets. To exploit the vulnerability, attackers would craft chat messages that could allow arbitrary code execution. That specially-crafted message could then be sent to an individual user or group to exploit the vulnerability. The target user would have to interact with the message for the most severe impact from the flaw.
As previously mentioned, Zoom has had other security issues tied to increased usage during the coronavirus pandemic. Zoom has been hit with a class-action shareholder lawsuit over some security lapses that impacted its stock price. In April, it was discovered that half a million Zoom accounts compromised by hackers were up for sale on the dark web.