(ANSA) – MILAN, JANUARY 24 – Two flaws in the Zoom video conferencing app could have exposed users’ audio and video calls to hackers. They were identified by researchers from Project Zero, Google’s team of cybersecurity experts. Although they have now been fixed, it cannot be ruled out that someone exploited the vulnerabilities, which, as the experts explain, were of the “zero-click” type, meaning that they did not require the target to do anything in order to be hit. Tracked as CVE-2021-34423 (with a severity score of 9.8) and CVE-2021-34424 (with a score of 7.5), the bugs were discovered last October and fixed by Zoom as early as late November. The latest app update, for computers as well as smartphones and tablets, includes the fixes, protecting users from external tampering. By exploiting the flaws, and without any involvement of the victim, a hacker could have taken control of the device and viewed the calls in progress. While end-to-end encryption, when enabled by the meeting initiator, makes any call archives unreadable to third parties, a cybercriminal would have been able to exploit the two flaws to follow the meetings live. In the recent past, the Project Zero team has found zero-click vulnerabilities and other flaws in several communication platforms, including Facebook Messenger, Signal, Google Duo, FaceTime, and Apple’s iMessage. The researchers note that analyzing an app like Zoom is not easy because, unlike open-source software, it is based on a proprietary system whose inner workings take more time and work to understand. (ANSA).
Source: ANSA