Zoom security flaw uses chat messages to spread malware

If you downloaded Zoom when the pandemic first began and haven’t updated the software since, now is the time to do so.

Zoom has announced four security bulletins that identify major bugs in Zoom software earlier than version 5.10.0. It was proven that a user doesn’t even have to interact with a hacker for them to successfully attack.  It all happens through the “chat” feature on the popular video conferencing software.

 

Zoom security flaws

Security researcher Ivan Fratric at Google Project Zero reported the software’s security flaws to Zoom.  Attackers are able to send messages to victims using Zoom chat and force malware onto your device using what’s called XMPP protocol, the technology behind instant messaging.

Fratric identified six bugs in Zoom software, and the video app published four bulletins ranging from medium to high in severity.  The most concerning security flaw receives an 8.1 score on the Common Vulnerability Scoring System.  The CVSS scoring system ranks threats from 0 to 10, with the highest number showing the most serious vulnerability.

 

 

Which zoom users are at-risk?

Any Android, iOS, Linux, macOS, and Windows users who have Zoom Client for Meetings before version 5.10.0 should update their software now.

Zoom says the flaw “can allow a malicious user to break out of the current message context and create a new message context to have the receiving user’s client perform a variety of actions.” This attack could ultimately become more sophisticated and forge XMPP messages from the server, which means the hacker could use the victim’s zoom to create additional attacks.

 

How to update your Zoom software and avoid being attacked over Zoom

Be sure to update any Zoom software on phones, tablets, and computers by visiting the Zoom download center.  You can also open your current Zoom app, go up to the menu on your computer where it says zoom.us and navigate down and click “Check for Updates” and then follow the prompts to update the software.

 

How to always protect your devices

If you rarely update your software, make sure your devices are always protected against malware that can come in any form, whether it’s via Zoom chat, email, or any other way a hacker might attack.  We’ve broken down the top antivirus programs for 2022 and our top antivirus pick is Total AV, which offers a Total Security package that has real-time monitoring and will keep your devices virus-free.

Related posts

Malware discovered in these Apple apps – remove now

Traveling? Bring this triple protection for safer online banking

Have your passwords been hacked? Likely, yes. Here’s how to check