#ZoomDoom: Two New Security Flaws Disclosed in Web Conferencing Software

The two security flaws disclosed by Patrick Wardle, are perfect examples of a new focus on targeting the remote workforce that has exponentially grown as organizations quickly shift their employees to work from home due to the COVID-19 outbreak. As organizations frantically implement software and technologies to support their distributed workforce, security researchers and threat actors alike will continue to discover new critical security flaws targeting these solutions.

Zoom is one of the most popular web conferencing software solutions on the market today; it comes at no surprise it has risen to the top of the radar for attackers.

Disclosed Security Issues in Zoom

The two issues disclosed are local security issues, meaning a remote attacker cannot exploit these directly via the internet. However, as Wardle described in his blog, these techniques are already being implemented by malware authors to subvert Apple's security mechanisms. It is only a matter of time before we see new malware in the wild leveraging these flaws to target Zoom.

The first security flaw allows the attacker to escalate privileges – once an attacker achieves Root on a system, it’s game over. The ability to escalate privileges gives an attacker a lot more room to work with and makes it significantly more difficult to eradicate when or if the attacker is detected.

The second security flaw shows how to inject a malicious library into Zoom's trusted process content which allows an attacker to record all Zoom meetings. This is exponentially bad, considering most confidential meetings that were typically happening in an office are now held online, making the extremely sensitive content of these discussions now open for eavesdropping.

What Does This Mean for the Remote Workforce?

As security and IT teams continue to struggle with the move to a fully remote workforce, this adds additional critical decision-making steps, which adds extra stress and workload for these teams that are already overextended in these unfortunate times.

What are the Best Steps to Protect Against These Security Threats?

While Zoom worked frantically to patch these issues within 24 hours of public disclosure, it may be time to weigh your options for reducing your attack surface.

For some organizations, you may consider looking to alternative conferencing solutions. Or, if that’s not a feasible solution at this time, you can choose to inherit the risk until the most recent patch can be applied to remediate the issues. If you are going to continue to inherit the risk, our suggestion for organizations is to remove the software locally and use the Zoom Web App if possible, to help reduce the attack surface for these flaws.

While the workplace has had to evolve beyond the borders of the office quickly, fast adoption of supplemental support software was inevitable. But keeping that in mind, it is best for us all to do our due diligence in researching the solutions, ensuring we are all following proper cyber hygiene practices, and ultimately working hard to end breaches today.

Your Plan of Attack? Patch Now or Temporarily Uninstall Zoom.

To help you reduce your organizational risk until you can patch your systems, you can choose to remove the software locally and use the Zoom Web App. The Zoom web client is strong enough to provide the tools needed to be part of a meeting without the local agent installed. If your organization decides to go this route, we have produced worklets to help uninstall software.

Worklet: Enforced Application Uninstall for Windows

Worklet: Uninstalling Applications on MacOS

You can automate this worklet deployment through Automox policies to ensure that all supported machines uninstall the client. If you need help, click here to learn how to create a patch policy in the Automox console.

About Automox Automated Patch Management

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-based and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-based patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.