Zoom patches conference software after Tenable discovers security vulnerability - Technical.ly Baltimore

Dev

Nov. 29, 2018 1:56 pm

Zoom patches conference software after Tenable discovers security vulnerability

The flaw could've allowed an attacker to hijack a meeting, according to Columbia-based Tenable.

A screenshot from Tenable's video on the Zoom vulnerability.

(Courtesy photo)

Tenable was behind one software update to fix security flaws that’s circulating this week.

The research arm of the Columbia-based cybersecurity company discovered a vulnerability in Zoom’s conferencing platform that would allow attackers to take control of a user’s desktop remotely during a meeting.

After being alerted, Tenable said that Zoom quickly updated the software.

According to Tenable, the security flaw, if exploited, would allow attackers to do the following:

  • Hijack control of a screen, allowing them to download and execute malware.
  • Impersonate others in the meeting through chat messages.
  • Kick out other attendees of the meeting.

A blog post from the company states the vulnerability was discovered by Tenable’s David Wells.

“This impacts both one-on-one (P2P) meetings as well as group meetings streamed through Zoom servers,” the blog post states, adding that the vulnerability could also be exploited over Wide Area Network (WAN).

The vulnerability could’ve put 750,000 companies that use Zoom at risk.

To fix the vulnerability, Zoom patched servers and released new versions of the software. The company is urging users to ensure their software is up-to-date.

This vulnerability is the perfect example of the cyber attack surface that is expanded by seemingly innocuous services, like Zoom,” Tenable CTO Renaud Deraison said in a statement.

In September, the recently IPO’d company released research on a vulnerability in security cameras used around the world.

-30-
JOIN THE COMMUNITY, BECOME A MEMBER
Already a member? Sign in here

Advertisement

What’s the word? Contribute to our list of cybersecurity terms to know

Here are the winners of the 2019 Maryland Cybersecurity Awards

Power Moves: Frank Bonsal III is leaving TU incubator, returning to venture capital

SPONSORED

Baltimore

How SmartLogic accelerated these startups’ product growth trajectories

Philadelphia, PA

Orthly

Full-Stack Javascript Engineer

Apply Now
Baltimore, MD 21201

14 West

Chief of Staff

Apply Now
Baltimore, MD

SmartLogic

Product Designer

Apply Now

Baltimore’s ABS Capital Partners leads $23M Series A for Florida cybersecurity company

It’s Growing Industries month at Technical.ly. In Baltimore, we’re focusing on cybersecurity

Hear from the privacy pros at Security by the Schuylkill

SPONSORED

Baltimore

This fast-growing SaaS company aims to be a force for change in the energy industry

Baltimore

Technically Media

Technical.ly Baltimore Contributing Reporter (Contract or Freelance)

Apply Now
Baltimore, MD

SmartLogic

Developer

Apply Now
Baltimore, MD 21201

14 West

Application Security Engineer (Pen Tester)

Apply Now

Sign-up for daily news updates from Technical.ly Baltimore

Do NOT follow this link or you will be banned from the site!