There is a brand new flaw in Zoom that allows hackers to completely take over your PC or Mac while you are sitting and watching TV, but so far, only a few people know how it works.
Two of them are Dutch security researchers Daan Keuper and Thijs Alkemade. They demonstrated effective use of the security vulnerabilities yesterday (April 7) at the Pwn2Own hacker contest, a two-year event.
In fact, Keuper and Alkemade tied together three different flaws, some of which may have been known before, which can be used to obtain full remote control of a PC through the Zoom desktop application. Apart from the Zoom application having to be running, their attack does not require user interaction.
This is a tweet from the Pwn2Own competition, which shows an animation of the hack in action. The sudden launch of the calculator application indicates that the researchers have gained control of the computer. But the animation did not provide clues as to how Keuper and Alkemade did it.
"We are still confirming the details of the #Zoom vulnerability with Daan and Thijs, but this is a better form of bug in actual use. #Pwn2Own #PopCalc pic.twitter.com/nIdTwik9aW" (April 7, 2021)
Malwarebytes researcher Pieter Arntz explained in a blog post that this vulnerability can also be used against the Zoom desktop client on Mac. However, the browser version of the Zoom Meeting client is not affected.
Zoom itself is a main sponsor of this year's Pwn2Own competition. There is no mention of the exploit on the Zoom website, but we can be sure that Zoom's own personnel are working hard to fix this vulnerability as soon as possible. According to the Pwn2Own rules, software developers have 90 days to fix defects found in the competition.
For their troubles, Keuper and Alkemade received $200,000, which is undoubtedly a good supplement to their daily work at the Dutch network security company Computest.
As long as Keuper, Alkemade, and the Zoom security team remain silent on how this exploit works, it is almost impossible for hackers to use it to hijack a computer running Zoom.
What can you do
If you want to play it safe for now, use the Zoom browser interface instead of the Zoom desktop client. (When joining a meeting online, Zoom will push you to install the desktop application, but you can ignore it.)
The Pwn2Own competition is organized by Trend Micro’s “Zero Day Initiative” team and has been held since 2007.
White hat hackers are provided with fully patched stock machines and software, and they must demonstrate their exploits in real time in front of a live audience. The winners must share their methods privately with the developer of the hacked software.