The first vulnerability that have been identified in the zoom app is about UNC paths. The windows client can convert networking UNC paths into a clickable link in the chat message which can be utilised by attackers to capture Windows passwords and other login credintials. The attacker can easily gain access to the computer after exploitation and install malware or spyware, without letting the users know about the backdoor entry. The issue that allows unwanted access is due to the installer that can easily be injected with malicious code and used to obtain root-level user privileges. Zoom, who has been informed of the issue, can fix the issue by not turning network paths into clickable links, while network admins in the meantime can disable the automatic sending of network login credentials via the group policy ‘Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers’, though this can cause issues when accessing resources on some networks. Home users can modify the Restrict Sending NTLM Traffic Registry value under the HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\ Control\Lsa\MSV1_0 key and set it to 2. They do not need to reboot. In addition to the UNC injection flaw, the Zoom app is said to have two distinct security loopholes that could allow attackers to gain root access and take over a user’s Mac system. It is important to note that apart from the above new security issues, Zoom was recently in the news for its misleading end-to-end encryption claim. The app has also been found to have a flaw that exposes emails and photos of users.
Smartphone Prices Hiked in India After New GST RatesWhatsApp Limits Status Video to 15 Seconds in IndiaCOVID-19: Telecom Companies Offer Extra Talktime and Extending the Validity of Prepaid Plans to Provide Relief