Important Zoom Security Flaw Allows Hackers to Take Over Your PC: What to Do [Update]

Updated with news of a patch from Zoom.

There is a major flaw in the Zoom meeting software for Windows that could allow hackers to take over your computer, and no official patch is yet available. The good news is that only PCs running Windows 7 or earlier versions of Windows are at risk. But many computers have not been or cannot be upgraded to Windows 8.1 or 10, so millions are still vulnerable.

If you are one of those people, it may be best for now to use Zoom in your web browser or phone instead of using the Windows Zoom client application. (How to join a Zoom meeting from a web browser is discussed below.)

"The vulnerability allows a remote attacker, on a victim's computer with Zoom Client for Windows (all currently supported versions) installed, by forcing the user to perform typical actions such as opening a document file, "It is possible to execute arbitrary code," Mitja Kolsek of the Slovenian security firm Acros wrote in an official blog yesterday (July 9). No security warnings are displayed to users during the course of the attack."

Kolsek did not go into further technical details, but the blog post included a video that shows the vulnerability being exploited.

The Zoom flaw was reported to Acros by a security researcher who apparently wished to remain anonymous. Acros in turn reported the flaw to Zoom.

A Zoom spokesperson told ZDNet, "We have identified this issue and are currently working on a patch to resolve it quickly."

Acros has its own skin in the game, as it specializes in creating and distributing "micropatches" for common software defects before the actual software makers get around to fixing the problem.

Generally, only business customers who subscribe to Acros' 0patch service have access to these micropatches. However, Acros is offering these micropatches for Zoom's flaws free of charge until Zoom fixes (or decides not to fix) them on its own.

There are mixed opinions about the value of installing Acros' micropatches. The company's developers no doubt know what they are doing, but installing a micropatch still means adding unofficial code, which has not been authorized or analyzed by the software's actual developers, to a software product.

Again, it may be best to log into a Zoom meeting using a web browser. You can do so by clicking on the Zoom meeting link in the Zoom invitation or by simply copying and pasting the link into your browser's address bar.

When the web page loads, a pop-up window will appear asking for permission to launch the installed Zoom Meetings client software, or you will be prompted to install the Zoom Meetings client software for your operating system. Ignore these suggestions and click "Cancel" instead.

Then, when you click the "Start Meeting" text on the web page, the same pop-up will appear again. Press "Cancel" again.

If you look at the web page again, you will see a new line that says "If you cannot download or run the application, please join from your browser." Click "Join from a browser" to begin the sign-in process.

According to Kolsek's blog post, you must sign up for a 0patch account at https://central.0patch.com and install the 0patch Agent software to obtain the micropatch for the Zoom Windows client.

Kolsek writes that once the 0patch Agent is installed, the Zoom micropatch is automatically downloaded and installed, and a system reboot is not required.

This micropatch works with Zoom for Windows versions 5.0.3 through 5.1.2.

A Zoom spokesperson informed us later on Friday (July 10) that Zoom had issued a patch for this flaw.

"Zoom has addressed this issue in the 5.1.3 client released on July 10, which affects users running Windows 7 and earlier versions. Users can remain secure by applying the latest updates or downloading the latest Zoom software, including all the latest security updates, from https://zoom. us/download."
