
Zoom patches XMPP vulnerability chain that could lead to remote code execution

May 24, 2022 | Hi-network.com

Zoom users are advised to update their clients to version 5.10.0 to patch a number of holes found by Google Project Zero security researcher Ivan Fratric.

"User interaction is not required for a successful attack. The only ability an attacker needs is to be able to send messages to the victim over Zoom chat over XMPP protocol," Fratric said in a bug tracker description of the chain.

Because Zoom's server and clients use different XML parsing libraries, they can interpret the same XMPP message differently. By examining these parsing discrepancies, Fratric uncovered an attack chain that could ultimately lead to remote code execution.
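The parser-differential problem above is mitigated mostly on the defender's side by not leaving each component free to interpret a stanza as it likes. As an added illustration (not Zoom's code, nor Fratric's), the validator below uses Python's expat bindings to enforce the XML restrictions RFC 6120 places on XMPP streams (no DOCTYPE, comments, processing instructions or undefined entities) plus an element allowlist; applying the same explicit rules on the relaying server and on the receiving client shrinks the room for two libraries to disagree. The namespace, allowlist and sample stanzas are assumptions constructed for this example.

```python
"""Strict XMPP stanza validator (added example; not Zoom's or Fratric's code).

RFC 6120 section 11.1 forbids comments, processing instructions, DTDs and
entity references other than the predefined ones in an XMPP stream.
Applying one explicit set of rules on both the relaying server and the
receiving client leaves less room for two XML libraries to read the same
stanza differently. The element allowlist is an assumption for this example.
"""
import xml.parsers.expat as expat
from typing import List

NS = "jabber:client"
SEP = "}"  # expat reports namespaced names as "<uri>}<local>"

# Elements a plain chat message may contain (constructed allowlist).
ALLOWED_ROOT = f"{NS}{SEP}message"
ALLOWED_ELEMENTS = {
    ALLOWED_ROOT,
    f"{NS}{SEP}body",
    f"{NS}{SEP}subject",
    f"{NS}{SEP}thread",
}


def validate_stanza(raw: str) -> List[str]:
    """Return the policy violations found in one stanza; an empty list means accept."""
    violations: List[str] = []
    depth = [0]  # nesting depth, kept in a list so the handlers can mutate it
    parser = expat.ParserCreate(namespace_separator=SEP)

    # Constructs RFC 6120 forbids outright.
    def on_doctype(name, sysid, pubid, has_internal_subset):
        violations.append(f"DOCTYPE declaration is not allowed ({name})")

    def on_pi(target, data):
        violations.append(f"processing instruction is not allowed ({target})")

    def on_comment(data):
        violations.append("comment is not allowed")

    def on_cdata_start():
        violations.append("CDATA section is not allowed")

    # Structural policy: one known root, only allowlisted children.
    def on_start(name, attrs):
        if depth[0] == 0 and name != ALLOWED_ROOT:
            violations.append(f"root must be <message xmlns='{NS}'>, got {name!r}")
        elif name not in ALLOWED_ELEMENTS:
            violations.append(f"unexpected element {name!r}")
        depth[0] += 1

    def on_end(name):
        depth[0] -= 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ProcessingInstructionHandler = on_pi
    parser.CommentHandler = on_comment
    parser.StartCdataSectionHandler = on_cdata_start
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end

    try:
        parser.Parse(raw, True)  # True: this is the final chunk of the document
    except expat.ExpatError as exc:
        # Undefined entities, a second root element, unbalanced tags and so on.
        violations.append(f"malformed XML: {exc}")
    return violations


if __name__ == "__main__":
    # Constructed sample stanzas for the demo.
    samples = [
        '<message xmlns="jabber:client" from="alice@example.com" '
        'to="bob@example.com" type="chat"><body>hi</body></message>',
        '<!DOCTYPE message><message xmlns="jabber:client"><body>hi</body></message>',
        '<message xmlns="jabber:client"><body>hi</body><x xmlns="urn:example:other"/></message>',
        '<message xmlns="jabber:client"><body>&bogus;</body></message>',
    ]
    for stanza in samples:
        print(validate_stanza(stanza) or "accepted")
```

The point of running the identical check at both ends is that a stanza the server would relay is exactly the stanza the client will accept; anything that relies on one parser's leniency is dropped before it reaches either side's application logic.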

By sending a specially crafted message, Fratric could make clients connect to a man-in-the-middle server that served an old version of the Zoom client from mid-2019.

"The installer for this version is still properly signed, however it does not do any security checks on the .cab file," Fratric said.

"To demonstrate the impact of the attack, I replaced Zoom.exe in the .cab with a binary that just opens Windows Calculator app and observed Calculator being opened after the 'update' was installed."
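The downgrade step works because the older installer trusted an unsigned archive and nothing refused a release older than the one already running. As an added example (not Zoom's updater), the gate below applies the two checks a client-side updater should make before unpacking anything: the package digest must match a signed manifest, and the manifest's version must not be older than the installed client. HMAC-SHA256 over the manifest stands in for a real code-signing verification, and the key, package bytes and the "4.4.0" placeholder for the old release are constructed for this example; "5.10.0" is the patched version the article names.

```python
"""Update-package gate (added example; not Zoom's updater).

The gate refuses a package unless (1) its SHA-256 digest matches a signed
manifest and (2) its version is not older than the running client. HMAC-SHA256
stands in for the vendor's real code-signing check (an assumption for this
example); the key, package bytes and version strings are constructed.
"""
import hashlib
import hmac
import json
from typing import Tuple


def parse_version(version: str) -> Tuple[int, ...]:
    """'5.10.0' -> (5, 10, 0), so versions compare numerically rather than as strings."""
    return tuple(int(part) for part in version.split("."))


def make_signed_manifest(version: str, package: bytes, key: bytes) -> Tuple[bytes, str]:
    """Build the manifest the vendor would publish beside a package (demo helper)."""
    manifest = json.dumps(
        {"version": version, "sha256": hashlib.sha256(package).hexdigest()},
        sort_keys=True,
    ).encode()
    signature = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    return manifest, signature


def verify_manifest(manifest_json: bytes, signature_hex: str, key: bytes) -> dict:
    """Return the parsed manifest if its signature checks out, otherwise raise."""
    expected = hmac.new(key, manifest_json, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature_hex):
        raise ValueError("manifest signature invalid")
    return json.loads(manifest_json)


def check_update(current_version: str, manifest: dict, package: bytes) -> Tuple[bool, str]:
    """Decide whether `package` may be unpacked on a client running `current_version`."""
    # Rule 1: never move to an older release, even if it is properly signed.
    if parse_version(manifest["version"]) < parse_version(current_version):
        return False, f"downgrade refused: {manifest['version']} is older than {current_version}"
    # Rule 2: the archive itself must be the one the signed manifest describes.
    digest = hashlib.sha256(package).hexdigest()
    if not hmac.compare_digest(digest, manifest["sha256"]):
        return False, "package digest does not match the signed manifest"
    return True, "ok"


if __name__ == "__main__":
    key = b"example-signing-key"            # constructed
    package = b"constructed package bytes"  # stands in for a .cab archive
    current = "5.10.0"

    good_json, good_sig = make_signed_manifest("5.10.0", package, key)
    print(check_update(current, verify_manifest(good_json, good_sig, key), package))

    old_json, old_sig = make_signed_manifest("4.4.0", package, key)  # placeholder old release
    print(check_update(current, verify_manifest(old_json, old_sig, key), package))

    swapped = package + b"replaced contents"  # archive altered after signing
    print(check_update(current, verify_manifest(good_json, good_sig, key), swapped))
```

Checking the version before the digest means a correctly signed but outdated package is still refused, which is the case the chain above exploits; a swapped archive fails the digest comparison regardless of how the surrounding installer is signed.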

In its security bulletin published last week, Zoom said the security researcher also found a way to send user session cookies to a non-Zoom domain, which could allow for spoofing.

The CVE-2022-22786 vulnerability that allowed for downgrading the client only impacted Windows users, while the other three issues -- CVE-2022-22784, CVE-2022-22785, and CVE-2022-22787 -- impacted Android, iOS, Linux, macOS, and Windows.

Fratric discovered the vulnerabilities in February, with Zoom patching its server-side issues the same month, and releasing updated clients on April 24.
