Friday, June 21, 2024

Critical Zoom Vulnerability Allows Hackers to Steal your Windows Password & Escalate Privileges with macOS

A critical vulnerability with the Zoom client for windows allows attackers to steal Windows login credentials.

Zoom is an online video communication platform that has features such as video conferencing, online meetings, chat, and mobile collaboration.

Zoom usability is high now as most of the organization has been closed and the employees are provided with options to work from home.

Zoom Vulnerability

Zoom client for Windows supports for Universal Naming Convention (UNC), which is the feature that converts the URLs sent in the chat into hyperlinks.

So if the user click’s on the link it will open that with the default browser, but the problem resides in how the Zoom handles URLs.

A security researcher who goes by Twitter handles Mitch (@_g0dmode) discovered that Zoom client also converts the Windows networking UNC paths into a clickable URL.

If someone click’s on the UNC path URL then Windows will try to establish a connection with the remote site and windows will send the user’s login name and their NTLM password hash, by using the tools like John the Ripper, Rainbow, Hashcat crack attackers can capture the login credentials.

Further, a security researcher with handle Matthew Hickey (@HackerFantastic) checked the attack method and able to obtain NTLM password hashes exploiting the vulnerability.

Also, Hickey told that an attacker could exploit UNC path injection to run arbitrary code on the windows machine.

Former NSA hacker Patrick Wardle discovered two zero-days, that could be launched by a local attacker who has physical control over the machine.

The problem is with the AuthorizationExecuteWithPrivileges API validation that fails to validate the binary that will be executed.

So a low-level user can inject the Zoom installer with malicious code to obtain the highest root privileges.

The second bug is with the Zoom module that handles webcam and microphone on Macs, an attacker could inject malicious code into Zoom that tricks the application to give access to the attacker also for the same session that webcam and microphone connected.

The vulnerabilities have been reported to Zoom by the researchers and no fix was provided yet.

Also, attackers using Zoom’s Popularity in Coronavirus Outbreak to Infect Computers With Malware.

A huge number of domains registered with the names that include “Zoom”, and some of the malicious files in the name of Zoom.


Latest articles

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from for...

Beware Of Illegal OTT Platforms That Exposes Sensitive Personal Information

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user...

Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart...

Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to...

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data

Hackers target vaults, buckets, and secrets to access some of the most classified and...

Hackers Weaponizing Windows Shortcut Files for Phishing

LNK files, a shortcut file type in Windows OS, provide easy access to programs,...

New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles