Aspiring Business Leaders Worldwide

, / 553 0

Slovenian firm reveals Zoom flaw for Windows Pcs

Zoom hit by a Zero-day flaw that makes Windows 7 PCs vulnerable, this is after it underwent a complete security overhaul.
SHARE

A Slovenian firm Arcos Security says Zoom is vulnerable in Windows 7 machines. The flaw is termed as zero-day impact.

The security firm says Zoom can be exploited to hack into computers running Windows 7. It allows remote code execution and installation of malware into a victim’s computer. Arcos Security was tipped off of the packability by an unnamed security researcher.

Arcos Security is not elaborating on what the flaw is for fear of it being used by other hackers. From bare facts, it seems the vulnerability initiates a Zoom video call and then tricks the computer owner into performing certain tasks such as opening any file and then the bug is planted without the knowledge of the computer owner running the Windows 7 software. Zoom clients running on Windows 8 or Windows 10 are not affected.

Zoom Arcos security flaw

Zoom hit by a Zero-day flaw that makes Windows 7 PCs vulnerable, this is after it underwent a complete security overhaul.

We did not disclose vulnerability details that would allow attackers to exploit it—we only disclosed its presence and our micropatch,” Arcos Security CEO Mitja Kolsek told PCMag in an email. “Per our long-standing policy, we wouldn’t even publish details after 90 days if these details allowed attackers to attack users.

We analyzed the issue and determined it to be only exploitable on Windows 7 and older Windows systems. While Microsoft's official support for Windows 7 has ended this January, there are still millions of home and corporate users out there prolonging its life,” Arcos Security wrote in a blog post.

Arcos Security has come up with a solution to the malware. It has a micropach than can be downloaded, but first you need to install the company’s 0ptach software. Kelsey emphasized that the bug in the Windows operating software was not common knowledge and no known cases of malware installation were yet revealed.

Zoom has been informed of the vulnerability. Zoom acknowledged it and said, “We have confirmed this issue and are currently working on a patch to quickly resolve it,” the video conferencing provider said.

Arcos seems to have preempted Zoom’s patch release efforts with its own solution. Arcos said it went public for the benefit of the public and not to exploit it for its own advantage.

We did not disclose vulnerability details that would allow attackers to exploit it—we only disclosed its presence and our micropatch,” Arcos Security CEO Mitja Kolsek told PCMag in an email. “Per our long-standing policy, we wouldn’t even publish details after 90 days if these details allowed attackers to attack users.

Zoom has become the most popular app among stay-at-home workers during the Coronavirus pandemic to stay connected to the office. In the initial days, the app was hit with complaints of bugs and hackers getting into meetings and disrupting them.

After the discovery and disclosure of several security issues in April, the company stopped all-new feature additions and focused on security and privacy-related improvements and bug fixes.

Zoom very recently said that it had completed a complete overhaul of its security features. They even hired a special security firm Luta to help them clean up the systems. In June, Zoom hired a new chief information officer, Jason Lee, who was earlier with Salesforce.

Eric Yuan started Zoom in 2013, and it quickly took off and had acquired a million users in just two years of being launched. By January 2017, Zoom was a unicorn, reaching a valuation of $1 billion. It got an investment of $100 million from Sequoia Capital. The company went public in 2019 at a valuation of $16 billion. During the pandemic, the usage of Zoom went up to 300 million users in April.

But the company has been constantly bugged by some malfunctions and malware threats since usage went up.

Register today to get full access to:

All articles | Magazine archives | Livestream events | Comments

PASSWORD RESET

Register today to get full access to:

All articles | Magazine archives | Livestream events | Comments

//

Subscribe Plan Details








Register today to get full access to:

All articles | Magazine archives | Livestream events | Comments

LOGIN