Zoom.us Zero-day DoS and Information Disclosure vulnerabilities

Jake

Developer
Joined
Jan 19, 2013
Messages
1,058
Seemed semi-relevant to post here since I'm sure at least some of you use it:

 

MagicalAzareal

Magical Developer
Joined
Apr 25, 2019
Messages
565
I don't, but like any good tin foil hat wearer, I tape that camera up.
 

Jake

They even went as far as saying that it only happened because "the researcher created a meeting without any access controls", as if that makes any difference whatsoever, considering that's a matter of ticking a checkbox they provide.


They also stated that the reason they have that webserver running that allows this to happen in the first place is to bypass a security feature Safari added that required an extra click to join the video call:

"This is a workaround to a change introduced in Safari 12 that requires a user to confirm that they want to start the Zoom client prior to joining every meeting. The local web server enables users to avoid this extra click before joining every meeting."
https://blog.zoom.us/wordpress/2019/07/08/response-to-video-on-concern/
 