‘Zero-Click’ Zoom Vulnerabilities: Buffer Overflow
Overview
Zoom recently had two concerning vulnerabilities which could have been exploited, without any user involvement, to take over a victim’s device or even compromise a Zoom server.
Impact
Of the two vulnerabilities:
One was a buffer overflow issue that impacted both Zoom clients and Zoom Multimedia Routers (MMRs). This vulnerability could be leveraged to crash services or applications, or to execute arbitrary code.
The second exposes process memory, which could lead to information leakage from the impacted device’s memory.
Products Affected
Zoom
Containment, Mitigations & Remediation
Zoom fixed the server-side flaw and released updates for users’ devices on 24th November 2021.
Users should update their systems to the latest available version of the software.
Indicators of Compromise
There are no current indicators of compromise. The vulnerabilities were discovered by security researchers at Google’s Project Zero and were responsibly disclosed to Zoom.
Threat Landscape
Zero-click vulnerabilities and other flaws have been found in a number of communication platforms, including Facebook Messenger, Signal, Apple’s FaceTime and iMessage, and Google Duo. Zoom had not been investigated deeply until now, due to the constant pop-up notification and other protections applied over the years. Because Zoom is not investigated as often as it could be, simple bugs can go undiscovered. It is therefore important to stay vigilant on platforms such as Zoom that are seen to be well protected when, in fact, they may only be secure on the surface.
MITRE Methodologies
T1190 – Exploit Public-Facing Application
T1189 – Drive-by Compromise
Further Information
Zoom vulnerabilities impact clients, MMR servers | ZDNet
‘Zero-Click’ Zoom Vulnerabilities Could Have Exposed Calls | WIRED