13 July 2020

Zoom patches critical bug affecting Zoom client for Windows



Zoom has released Zoom client for Windows version 5.1.3 (28656.0709) to address a remote code execution vulnerability in the software that was reported last week.

The issue allows a remote attacker to execute code by tricking a victim into performing a typical action, such as opening a document file, without any warning being shown to the user. It is worth noting that the flaw is only exploitable on systems running Windows 7 and older versions of the operating system, which are no longer supported by Microsoft. Another mitigating factor is that the attack requires user interaction. Users are advised to download the newest version of the client app.

Over the weekend, the company also released a planned update for Phone and Web users, which brings AES-256 bit encryption.

“Account owners and admins can upgrade to SRTP with AES-256 bit encryption for specific sites and models. By default, AES-128 bit is enabled. Admins must enable AES-256 bit in the web portal,” according to the release notes for the update.

Additionally, the update introduces a “call monitoring” feature for Mobile users which allows them to “listen to a call without the parties being aware; speak to a phone user in a call without other parties being aware; join a call and speak to all parties; or take over the call from another user.”

The July 12th Web update also comes with several new features, including a customized speed dial supporting the busy lamp field (BLF) feature, call parking, the ability to create a shared directory of external contacts, and “minor bug fixes.”
