Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!


37 bookmarks. First posted by jokela 8 days ago.


Write up of the Zoom camera security issue.
security  mac 
yesterday by robertocarroll
By John Gruber on Daring Fireball
RSS-starred  BazQux 
3 days ago by hadvil
As far as I can tell this vulnerability also impacts Ringcentral. Ringcentral for their web conference system is a white labeled Zoom system. According to Zoom, they will have a fix shipped by…
security 
6 days ago by coarsesand
Anything but Zoom (at least until they change their attitude): WebEx?
from twitter
6 days ago by jwoodget
A serious security issue in Zoom (on Mac it installs a web server locally which does things like launching the Zoom client). Also a very clear example of responsible disclosure by a professional.
security  zoom  via:HackerNews 
6 days ago by mcherm
Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website! via Instapaper https://ift.tt/32jp0HK
IFTTT  Instapaper 
6 days ago by chaoxian
A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business.
CVE-Numbers
DOS Vulnerability — Fixed in Client version 4.4.2 — CVE-2019-13449
Information Disclosure (Webcam) — Unpatched — CVE-2019-13450
Foreword
This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user's permission.
On top of this, this vulnerability would have allowed any webpage to DOS (Denial of Service) a Mac by repeatedly joining a user to an invalid call.
Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day.
Yep, no joke.
This vulnerability leverages the amazingly simple Zoom feature where you can just send anyone a meeting link (for example https://zoom.us/j/492468757) and when they open that link in their browser their Zoom client is magically opened on their local machine. I was curious about how this amazing bit of functionality was implemented and how it had been implemented securely. Come to find out, it really hadn’t been implemented securely. Nor can I figure out a good way to do this that doesn’t require an additional bit of user interaction to be secure.
security  privacy  zoom  webcam  mac  bug  hack  apps 
6 days ago by rgl7194
Zoom Is Disturbingly Dangerous Software
7 days ago by nimprojects
Zoom Is Disturbingly Dangerous Software
ifttt  starred 
7 days ago by rafeed
As far as I can tell this vulnerability also impacts Ringcentral. Ringcentral for their web conference system is a white labeled Zoom system. According to Zoom, they will have a fix shipped by…
share  newsletter  security  zoom  infosec 
7 days ago by incredimike
from Daring Fireball

Jonathan Leitschuh:

This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission.

On top of this, this vulnerability would have allowed any webpage to DOS (Denial of Service) a Mac by repeatedly joining a user to an invalid call.

Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day.

Any architecture that requires a localhost web server is questionable at best. (That means every Mac with Zoom installed is running a web server.) But the fact that Zoom implemented it in a way such that the web server was still there, still running, even when you deleted the Zoom app is criminal. No one who understands how this worked could possibly have thought this was ethical. Install the app, try the app, delete the app — you expect all traces of the app to be gone. Not only did Zoom leave something behind, it left behind a web server with serious security vulnerabilities. I’m not prone to histrionics but this is genuinely outrageous — not even to mention the fact that Leitschuh reported this to Zoom months ago and Zoom effectively shrugged its corporate shoulders.

If you ever installed Zoom, I’d go through the steps to eradicate it and never install it again.

ifttt  daringfireball 
7 days ago by josephschmitt
Jonathan Leitschuh:

This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission.

On top of this, this vulnerability would have allowed any webpage to DOS (Denial of Service) a Mac by repeatedly joining a user to an invalid call.

Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day.

Any architecture that requires a localhost web server is questionable at best. (That means every Mac with Zoom installed is running a web server.) But the fact that Zoom implemented it in a way such that the web server was still there, still running, even when you deleted the Zoom app is criminal. No one who understands how this worked could possibly have thought this was ethical. Install the app, try the app, delete the app — you expect all traces of the app to be gone. Not only did Zoom leave something behind, it left behind a web server with serious security vulnerabilities. I’m not prone to histrionics but this is genuinely outrageous — not even to mention the fact that Leitschuh reported this to Zoom months ago and Zoom effectively shrugged its corporate shoulders.

If you ever installed Zoom, I’d go through the steps to eradicate it and never install it again.

via:daringfireball 
7 days ago by rufous
A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000…
from instapaper
7 days ago by divigation
As far as I can tell this vulnerability also impacts Ringcentral. Ringcentral for their web conference system is a white labeled Zoom system. According to Zoom, they will have a fix shipped by…
hack  mac  infosec  privacy 
8 days ago by eeichinger
A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000…
from instapaper
8 days ago by edexistant