Allele Security Alert
Unauthorized command execution
Zoom Video Communications, Inc
Zoom Desktop Conferencing Application
Zoom for macOS version 4.1.33259.0925
Zoom for Windows version 4.1.33259.0925
Zoom for Linux version 2.4.129780.0915
Windows version 4.1.34814.1119
macOS version 4.1.34801.1116
Proof of concept
There’s a vulnerability in Zoom’s Desktop Conferencing Application that allows for execution of unauthorized Zoom commands like spoofing chat messages, hijacking screen controls and kicking attendees off calls and locking them out of meetings. This vulnerability could be exploited in a few scenarios: 1) a Zoom meeting attendee could go rogue; 2) an attacker on the local access network (LAN) or 3) a remote attacker over wide area network (WAN) could theoretically use this vulnerability to hijack an ongoing Zoom meeting.
This bug is due to the fact that Zoom’s internal messaging pump (util.dll!ssb::events_t::loop) dispatches both client User Datagram Protocol (UDP) and server Transmission Control Protocol (TCP) messages (from util.dll!ssb::select_t::loop) to the same message handler in ssb_sdk.dll. This allows an attacker to craft and send UDP packets which get interpreted as messages processed from the trusted TCP channel used by authorized Zoom servers.
David Wells (Tenable)
Tenable Research Advisory: Zoom Unauthorized Command Execution (CVE-2018-15715)
New Updates For Mac OS
New Updates For Windows
Remotely Hijacking Zoom Clients
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: July 9, 2019