Zero-Click’ Zoom Vulnerabilities: Buffer Overflow

Overview

Zoom recently had two concerning vulnerabilities which could have been exploited, without any user involvement, to take over a victim’s device or even compromise a Zoom server.

Impact

Of the two vulnerabilities:

One was a buffer overflow issue that impacted both Zoom clients and Zoom Multimedia Routers (MMRs). This vulnerability could be leveraged to crash services or application or execute arbitrary code.

The second exposes process memory which could lead to information leakage from the impacted device’s memory.

Products Affected

Zoom

Containment, Mitigations & Remediation

Zoom fixed the server-side flaw and released updates for users’ devices on 24th November 2021.
Users should update their systems to the latest available version of the software.

Indicators of Compromise

There are no current indicators of compromise. The vulnerabilities were discovered by security researchers at Google’s Project Zero and were responsibly disclosed to Zoom.

Threat Landscape

Zero-click vulnerabilities and other flaws have been found in a number of communication platforms, including Facebook Messenger, Signal, Apple’s FaceTime and iMessage plus Google Duo. Zoom hasn’t been investigated deeply until now, due to the constant pop-up notification and other protections applied over the years. Zoom is not investigated as often as it could be: it’s important to note that simple bugs can go undiscovered, therefore, it is important to stay vigilant on platforms such as Zoom that are seen to be well protected, when in fact, it may only be secure on the surface.

Mitre Methodologies

T1190 – Exploit Public-Facing Application
T1189 – Drive-by Compromise

Further Information

Zoom vulnerabilities impact clients, MMR servers | ZDNet
Zero-Click’ Zoom Vulnerabilities Could Have Exposed Calls | WIRED