ZM - zero day - no panic

Hello everyone,

TechCrunch is featuring a zero day vulnerability regarding Zoom for MacOS users.

https://techcrunch.com/2020/04/01/zoom-doom/

Ignore the MSM hype!

The vulnerability is unpatched right now BUT to be SUCCESSFULLY EXPLOITED the hacker must have already compromised the macOS system.

Volatility might happen but not because there’s a true zero day vulnerability.

~Scott

14 Likes

KEY to the vulnerabilities:

The two bugs, Wardle said, can be launched by a local attacker — that’s where someone has physical control of a vulnerable computer.

I’m the lone user of my Mac…

The Mac happens to be password protected…

Denny Schlesinger

3 Likes

Articles that are critical of Zoom seem to be quite the rage today. I came across the below on my LinkedIn feed. the caption seems to be rather unhelpful to Zoom’s cause

https://www.bleepingcomputer.com/news/security/zoom-lets-att…

KEY to the vulnerabilities:

The two bugs, Wardle said, can be launched by a local attacker — that’s where someone has physical control of a vulnerable computer.

I’m the lone user of my Mac…

It is what is called a Privilege Escalation vulnerability. It is a zero day. And, you don’t have to have physical control of the computer (meaning you’re at the keyboard). It could be exploited remotely. However, it would have to be paired with another exploit to establish your remote presence on the endpoint. If paired with a Remote Access Trojan (RAT), for example, this vulnerability could be exploited.

Now, will it affect earnings or the stock price? Most likely not. But, it is distressing to see several vulnerabilities now, and misleading information from the company (they claim to use end-to-end encryption, which is untrue). Hopefully they will start acting in a more responsible manner; with their now large user base, especially in the Enterprise environment, the “move fast & break things” model will not work.

-Rob

4 Likes

Now, will it affect earnings or the stock price? Most likely not. But, it is distressing to see several vulnerabilities now, and misleading information from the company (they claim to use end-to-end encryption, which is untrue). Hopefully they will start acting in a more responsible manner; with their now large user base, especially in the Enterprise environment, the “move fast & break things” model will not work

All of the security people have Zoom’s attention by now. Everyone who can test out their vulnerabilities is testing them now. There will be patches, unless this guy is truly planning to use it as spyware. If he was with Huawei before, I would consider that. He wasn’t. It will be patched and quickly.

3 Likes

Your above post is great news thanks Scott.

Also in regards to the Photo-bombing into Zoom meetings when the privacy settings on Zoom are not set: My wife today using Zoom for her classroom said the default was not set for the students who were invited to now be waiting for he to individually let them into the Zoom-classroom- just like when she’s teaching Kinder at the Physical school, now closed. Well not exactly the same; but, as a Zm shareholder I like Zoom’s responsiveness in protecting their brand.

Just sold my new ZOOM. Trouble on both of our Coasts…wish I had bought ZOOM, much sooner.

Broker suggested I sell my old PLNT, last month…gyms closed…Cheap gyms available to almost everyone. I liked that.

NOW…LEAVING MY PORT, ALONE…WAITING FOR BETTER TIMES!!!

STAY WELL, STJ