If the three formulas prove it, the four weaknesses are the risk of not updating the zoom. The well-known California app, which provides video telephony and online chat services through a cloud-based peer-to-peer software platform, could become one of the best hackers’ crosshairs in its segment.
Some recently created bug alarms, in fact, allow cyber criminals to hack their victims, simply by sending them a message. Popular video conferencing service Zoom has identified and explicitly identified four security vulnerabilities that can be used to compromise another user via text message chat. XMPP (Extensible Messaging and Attendance Protocol) Specially created and running malicious code.
Traced from CVE-2022-22784 to CVE-2022-22787, the zoom problem, the severity of the actual vulnerabilities is between 5.9 and 8.1. Google Project Zero’s Evan Fratrick was credited with uncovering and reporting four bugs in February alone.
Zoom, vulnerabilities and all the risks encountered
It lists bugs Zoom: CVE-2022-22784 (CVSS score: 8.1), incorrect XML parsing in zoom meeting client. CVE-2022-22785 (CVSS score: 5.9), session cookies incorrectly bound to zoom client for meeting. CVE-2022-22786 (CVSS Score: 7.5), Update package downgrade to zoom client for meeting for windows. Last but not least CVE-2022-22787 (CVSS score: 5.9), insufficient hostname validity when switching servers to zoom client for meeting.
With its chat functionality Zoom Based on values XMPP, Exploiting vulnerabilities can cause an attacker to force a vulnerable client to mask the zoom user, connect to a malicious server, and even download an unauthorized update, resulting in a downgrade attack arbitrarily executing code.
The sequence of Fraternal no-click attacks ” XMPP stack smuggling “, Adding”A user may be able to forge messages as if they came from another user “and that” an attacker can send control messages that will be received as coming from the server”
Problems The XMPP column, a basic communication unit of the XMPP, is arbitrarily “trafficked” to the victim client, using the analysis of inconsistencies between the zoom client and the server’s XML parsers. In short, update that application.
