

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!

🔒 medium.com

Yikes.

This vulnerability leverages the amazingly simple Zoom feature where you can just send anyone a meeting link (for example https://zoom.us/j/492468757) and when they open that link in their browser their Zoom client is magically opened on their local machine. I was curious about how this amazing bit of functionality was implemented and how it had been implemented securely. Come to find out, it really hadn’t been implemented securely. Nor can I figure out a good way to do this that doesn’t require an additional bit of user interaction to be secure.

🚨

Response from Zoom.

And a better response from the CEO of Zoom.

Posted on July 8, 2019







