
Vulnerability in Zoom Video Conferencing for macOS

 

Systems Affected


Zoom video conferencing software for macOS

Threat Level


High


Overview


An attacker could exploit this vulnerability to take control of your Apple Mac computer (CVE-2019-13567).


Description


The cloud-based Zoom meeting platform for macOS was found vulnerable to a severe flaw that could allow remote attackers to execute arbitrary code on a targeted system simply by convincing a user to visit an innocent-looking web page.
After installation, Zoom creates a local web server on the computer that runs on port 19421. This web server suffers from two issues: first, the local server insecurely receives commands over HTTP, allowing any website to interact with it; second, the local web server is not uninstalled when users remove the Zoom client from their system, which leaves them vulnerable forever.


Impact


  ✦  Execute arbitrary code
  ✦  Take control of the whole system (Apple computer)
  ✦  Data modifications
  ✦  Install unwanted programs and applications


Solution/Workarounds


  ✦  Apple has released a security update which will remove the local web server created by Zoom without any user interaction.
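
To confirm on a given Mac that nothing is still listening on port 19421 after the update or after removing Zoom, the following check can be used. It is an added example, not part of the original advisory; it assumes `lsof` is available, and the process names, PIDs and user in the sample data are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the advisory): look for a listener on TCP port 19421.
PORT=19421

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output; the process
# names, PIDs and user are placeholders, not values from the advisory.
sample_lsof_output() {
    cat <<'EOF'
COMMAND   PID  USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
exampled  4242 alice 7u  IPv4 0x0    0t0      TCP  127.0.0.1:19421 (LISTEN)
otherd    5151 alice 9u  IPv4 0x0    0t0      TCP  127.0.0.1:8080 (LISTEN)
otherd    5151 alice 10u IPv4 0x0    0t0      TCP  127.0.0.1:50112->127.0.0.1:19421 (ESTABLISHED)
EOF
}

# Read lsof output on stdin; print "command pid address" for every socket
# that is in LISTEN state on PORT. Client connections to the port are ignored.
parse_listeners() {
    awk -v port="$PORT" '
        NR == 1 && $1 == "COMMAND" { next }   # skip the header row
        $NF == "(LISTEN)" {
            addr = $(NF - 1)
            n = split(addr, parts, ":")       # last piece is the port (IPv4/IPv6)
            if (parts[n] == port) print $1, $2, addr
        }'
}

# Live check: returns 0 if the port is free, 1 if something listens, 2 if lsof is missing.
check_port() {
    if ! command -v lsof >/dev/null 2>&1; then
        echo "lsof not found" >&2
        return 2
    fi
    found=$(lsof -nP -iTCP:"$PORT" -sTCP:LISTEN 2>/dev/null | parse_listeners)
    if [ -n "$found" ]; then
        echo "Listener still present on TCP port $PORT:"
        echo "$found"
        return 1
    fi
    echo "Nothing listening on TCP port $PORT"
    return 0
}

if [ "${1:-}" = "--live" ]; then
    check_port
else
    sample_lsof_output | parse_listeners      # demo on the constructed sample
fi
```

Run it with `--live` on the Mac itself; an exit status of 1 means a process is still bound to the port and the local web server has not been removed.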


References


  ✦  https://nvd.nist.gov/vuln/detail/CVE-2019-13567
  ✦  https://thehackernews.com/2019/07/zoom-video-conferencing-hacking.html


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.