Friday, November 1, 2024
HomeSecurity UpdatesGoogle Details Two Zero-Click Bugs in Zoom Clients That Let Attackers Execute...

Google Details Two Zero-Click Bugs in Zoom Clients That Let Attackers Execute Malicious Code

Published on

Malware protection

Two zero-click bugs in Zoom clients have been detected recently by the security analyst Natalie Silvanovich of Google’s Project Zero that enables the threat actors to execute malicious code.

By exploiting these security flaws, the attackers target the:-

  • Zoom clients
  • Multimedia Router (MMR) servers

With the help of these two elements, the audio and video content between clients is transmitted. While after patching them, the company has recently activated the ASLR. 

- Advertisement - SIEM as a Service

On successful exploitation of these two zero-click bugs, the threat actors can achieve control over the device of their victim that also without any kind of interaction from the user end.

Flaw Profile

  • CVE ID: CVE-2021-34423
  • Description: A buffer overflow vulnerability that can be leveraged to crash the service or application or execute arbitrary code.
  • CVSS score: 9.8
  • Severity: Critical
  • CVE ID: CVE-2021-34424
  • Description: A process memory exposure flaw that could be used to potentially gain insight into arbitrary areas of the product’s memory.
  • CVSS score: 7.5
  • Severity: High

Exploit

An attacker can manipulate the contents of a buffer by exploiting these bugs, and this could be executed by sending a malformed chat message to crash the client and MMR server.

Not only that even, by joining a Zoom meeting via a web browser, it is also possible to leak data from memory, and this happens due to the lack of a NULL check. 

Here’s what the security expert, Natalie Silvanovich stated:-

“The lack of ASLR in the Zoom MMR process greatly increased the risk that an attacker could compromise it. ASLR is arguably the most important mitigation in preventing exploitation of memory corruption, and most other mitigations rely on it on some level to be effective. There is no good reason for it to be disabled in the vast majority of software.”

Zoom has a closed nature, and its closed nature greatly affected this investigation. Since most of the video conferencing systems use the open-source software:-

  • WebRTC
  • PJSIP

These open-source software platforms are not bug-free, but since they are open-source, so, they could be easily rectified by vendors and analysts.

Moreover, one of the most interesting key features of zero-click attacks, they don’t leave any footprints or traces of any malicious activity; in short, they create such a complexity due to which it becomes very difficult to detect them.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

New AI Tool To Discover 0-Days At Large Scale With A Click Of A Button

Vulnhuntr, a static code analyzer using large language models (LLMs), discovered over a dozen...

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...