Ex-NSA Hacker Drops New Zero-Day Doom for Zoom

Ex-NSA hacker drops new zero-day doom for Zoom | TechCrunch

As much of the country shifts to remote work in light of the COVID-19 pandemic, the videoconferencing software Zoom has experienced a boost in popularity. But the spotlight on Zoom has also illuminated some vulnerabilities in its security practices.

Just after two security researchers found a bug that could be abused to steal Windows passwords, another security researcher discovered two new bugs that can be used to take control of a Zoom user’s Mac. Patrick Wardle, a former NSA hacker and now principal security researcher at Jamf, exposed the bugs in a blog post Wednesday.

According to Wardle, the two bugs can be launched by a local attacker. When the bugs are exploited, the attacker has control over the vulnerable computer, and the first bug can be used to install malware and spyware. The second bug can give control of the victim’s webcam and microphone to the attacker.

source: TechCrunch

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s