Two new Vulnerabilities found in Zoom

Sienna Rowley
Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. She is a modest family woman who loves traveling in her free time.

Cisco Talos, a cyber threat intelligence group, found two vulnerabilities in the Zoom video conferencing application that could let a malicious user execute arbitrary code on victims’ machines. Cisco Talos worked with Zoom, and a patch has been made available. The first security vulnerability (CVE-2020-6109) lies in the way Zoom uses the GIPHY service, recently bought by Facebook.

Patch now available

The video conferencing application is becoming more popular with each passing day and has gained a huge audience in a short span. However, the organization has had too many security issues. The latest vulnerability is among them.

Explaining the vulnerability, researchers said that an exploitable path traversal vulnerability exists in the way the Zoom client, version 4.6.10, processes messages that contain animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could be exploited to achieve arbitrary code execution. An attacker needs to send a specially crafted message to an end user or a group to exploit this vulnerability.

According to the researchers, in the second vulnerability, tracked as CVE-2020-6110, a specially crafted chat message can cause arbitrary binary planting, which could be exploited to achieve arbitrary code execution. An attacker needs to send a specially crafted message to an end user or a group to trigger this vulnerability.

Describing the two possible scenarios, the researchers stated that, first, without user interaction, it can be exploited to plant arbitrary binaries on the victim’s system at a forced path, which could possibly be used in exploiting other vulnerabilities. Second, with user interaction, it can be exploited to plant binaries at almost arbitrary paths, which can overwrite critical files and lead to arbitrary code execution.

Both vulnerabilities are path traversal flaws that can be abused to plant or write arbitrary code on systems running vulnerable versions of the video conferencing software. The flaw was found in version 4.6.10 of Zoom.
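An added illustration of the path traversal class described above (not Zoom's code and not taken from the researchers' report): a chat client saving a received GIF under a sender-supplied file name, with the unchecked join beside a checked one. The function names, the cache directory and the GIF-only allow-list are assumptions made for this example, and the sample names are constructed.

```python
import os
import tempfile

ALLOWED_EXT = {".gif"}  # assumption: this cache only ever stores animated GIFs

def naive_target(cache_dir, name):
    # Unchecked pattern: the sender-controlled name is joined as-is,
    # so "../" segments walk out of the cache directory.
    return os.path.normpath(os.path.join(cache_dir, name))

def safe_target(cache_dir, name):
    """Return a path inside cache_dir for a sender-supplied name, else raise ValueError."""
    # Reject both separator styles, drive/stream colons and NULs on every OS.
    if not name or name in (".", "..") or any(c in name for c in "/\\:\x00"):
        raise ValueError(f"unsafe file name: {name!r}")
    # A GIF message must never produce a file of another type (binary planting).
    if os.path.splitext(name)[1].lower() not in ALLOWED_EXT:
        raise ValueError(f"unexpected file type: {name!r}")
    base = os.path.realpath(cache_dir)
    target = os.path.realpath(os.path.join(base, name))
    # Symlinks are resolved first; the result must still sit under the cache.
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"escapes cache directory: {name!r}")
    return target

def is_accepted(cache_dir, name):
    try:
        safe_target(cache_dir, name)
        return True
    except ValueError:
        return False

# Constructed sample names, as a remote chat peer might supply them.
SAMPLES = ["party.gif", "../../outside/run.gif", "..\\..\\tool.exe",
           "/tmp/x.gif", "update.exe", "link.gif"]

def demo():
    with tempfile.TemporaryDirectory() as root:
        cache = os.path.join(root, "cache")
        os.mkdir(cache)
        # A symlink already inside the cache that points outside of it.
        os.symlink(os.path.join(root, "outside.gif"), os.path.join(cache, "link.gif"))
        return {name: is_accepted(cache, name) for name in SAMPLES}

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name!r}: {'accepted' if ok else 'rejected'}")
```

Only `party.gif` is accepted; the traversal names, the absolute path, the non-GIF extension and the symlink that leaves the cache are all rejected before any write happens.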
