According to recent reports, Zoom's Zero Click vulnerability can expose personal user data, leaving clients open to all sorts of cyberattacks. Although the Zero Click vulnerability has now been patched, it speaks to the growing concerns around such cyberattacks, which were raised during the pandemic.
Zero Click Vulnerability Sends Message Without any Notification
While most spyware requires the victim to tap a certain link or open a certain attachment, a Zero Click vulnerability, as the name indicates, targets the victim's device by sending a message to their smartphone that generates no notification. Hence, users do not even need to touch their phones for the spyware to take action.
Furthermore, Zoom users do have the option to enable end-to-end encryption for their calls on the platform, which would prevent an attacker from tracking their conversation. However, this does not stop a hacker from peeking through the users' call logs if they did not turn on that protection.
Moreover, Google's Project Zero researcher Natalie Silvanovich issued an analysis of these security threats. Silvanovich discovered two different kinds of bugs: one a buffer overflow problem that affected both Zoom customers and Zoom Multimedia Routers (MMRs), and the other an information leak flaw centered, again, on the MMR servers.
Zoom Has Now Enabled ASLR Security Mechanism
The report further noted the need for Address Space Layout Randomization (ASLR), a security mechanism that guards against memory corruption attacks. The Zero Click vulnerability was reported and fixed on November 24, 2021. Zoom has since enabled ASLR.
Source: Pro Pakistani