Two vulnerabilities in Zoom could lead to code execution

259 points by joering2, almost 5 years ago

12 comments

Jonnax, almost 5 years ago
I wonder. Are all the vulnerabilities and issues with Zoom because of its popularity?

Everybody is using Zoom these days and in my opinion it's because it has an excellent user experience.

I'm wondering if something like Cisco WebEx is just as "broken" but everyone doesn't have their eyes on it.

One thing for sure. We need a way to run desktop applications in isolated containers in the same way mobile apps are run.

I joined a WebEx meeting the other day, downloading its client. And after the meeting a little window popped up with my next meetings.

Without permission it'd hooked into my Outlook calendar.

At the very least, we could have some sort of virtual file system that by default applications only see.

I'm sure the capability exists in Windows, because there's a mod management tool for Skyrim I've used where it creates a virtual folder for all your activated mods and the game itself sees that virtual folder when running.

As an aside, remember when Skype was the most popular audio/video chat app in the world?

Or even MSN Messenger?

I also remember Hangouts getting popular but then stagnating in using 100% CPU and setting fire to your laps.

zemnmez, almost 5 years ago
another day, another set of misrepresented vulnerabilities from the security consultancy vuln mill:

1) Zoom client application chat Giphy arbitrary file write

This is not an 'arbitrary file write'. There is virtually no 'arbitrary file write' that doesn't lead to code execution on Windows. The reason is detailed in the report itself:

> The severity of this vulnerability is partially mitigated by the fact that Zoom client will append a string _BigPic.gif to the specified filename. This prevents the attacker from creating a fully controlled file with arbitrary extension.

Nobody is getting hacked by downloading a corrupt .gif file.

2) Zoom Client Application Chat Code Snippet Remote Code Execution Vulnerability

This is not an 'arbitrary file write', as even in the most user input intensive scenario it is restricted. It's not a 'remote code execution' either, as they clearly detail in the last paragraph:

> In summary, this vulnerability can be abused in two above outlined scenarios. First, without user interaction, it can be abused to plant arbitrary binaries on target system albeit at a constrained path potentially used in exploiting another vulnerability. Secondly with user interaction, plant binaries at almost arbitrary paths and can potentially overwrite important files and lead to arbitrary code execution.

The report itself *does not* detail the actual way this reaches remote code execution, saying only:

> This in itself could potentially be abused in leveraging another vulnerability.

However, they could presumably extract the exe to %APPDATA%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, which would cause remote code execution when the user logs in again. I would be surprised if the reality isn't they tried this and they couldn't do it. I don't understand why they cut this so short.

It's pretty normal for me to be able to drop an .exe in various places. That's what happens when a website triggers a download. The important thing here is the 'execution' of remote code execution, which they have failed to demonstrate.

This is an endless frustration as a vulnerability researcher. Security consultancies, trying to fish for contracts, are endlessly willing to misrepresent bugs and security issues they find as much as possible, and there's very little accountability for this.

danans, almost 5 years ago
PSA: Zoom has a pretty decent web-only experience you can access using a roundabout procedure:

https://support.zoom.us/hc/en-us/articles/214629443-Zoom-web-client?mobile_site=true#h_d058aa08-10b5-4c9f-b029-4ce9603bb2d1

If the Zoom native app's security is a concern for you, the arguably increased security of your browser's environment should help.

If you are a Zoom meeting host, you can save your participants the trouble of the procedure described above by always showing the Join From Browser link:

https://support.zoom.us/hc/en-us/articles/115005666383-Show-a-Join-from-your-browser-Link?mobile_site=true

philh, almost 5 years ago
Not a comment on the article, but the CAPTCHA before it seems weird and kind of sketchy.

> Why do I have to complete a CAPTCHA?

> Completing the CAPTCHA proves you are a human and gives you temporary access to the web property.

Okay, but... why do I have to complete a CAPTCHA?

> What can I do to prevent this in the future?

> If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware.

> If you are at an office or shared network, you can ask the network administrator to run a scan across the network looking for misconfigured or infected devices.

> Another way to prevent getting this page in the future is to use Privacy Pass. You may need to download version 2.0 now from the Firefox Add-ons Store.

How would a virus scan help here? I certainly hope my browser doesn't go around advertising when I last did one of them. And how does Privacy Pass prove I'm human, are robots unable to pretend to be Firefox plus Privacy Pass?

CSDude, almost 5 years ago
Because of these possibilities, I prefer using my iPad Mini for meetings, and if I have to share a screen I just join from Chrome; its screen share works well enough and is more restricted than the Zoom client. I highly recommend it if you don't feel comfortable.

dreamcompiler, almost 5 years ago
I always use Zoom in a browser to avoid stuff like this. Zoom has repeatedly shown itself to be an untrustworthy app by an untrustworthy vendor.

gravitas, almost 5 years ago
The Linux client jumped from 3.5.392530.0421 to 5.0.418682.0603 at the end of April 2020; the version outlined in this article *appears* to have never existed on the Linux platform.

devit, almost 5 years ago
The title is misleading: the vulnerabilities are already fixed in the most recent version according to the article.

__m, almost 5 years ago
I don’t get why people didn’t drop it after that major vulnerability last year

akulbe, almost 5 years ago
Correct me if I'm wrong… but didn't this get resolved in 5.x, and this is referring to an old version?

I was forced to update to 5.x at one point, so it seems like this is old news.

monadic2, almost 5 years ago
I’ve had great experience with running it in a vm at the cost of screen sharing.

olliej, almost 5 years ago
At least they're into regular bad code bugs, rather than intentionally created security holes, including deliberately circumventing browser security restrictions.

So progress?