Zoom users are strongly encouraged to update to the latest version following the disclosure of several flaws. Ivan Fratric of Google Project Zero discovered four serious vulnerabilities in the Zoom client and reported them to Zoom.

Zoom has since patched the vulnerabilities, but many installations still run older versions of the client, and those remain exposed.

Hackers Can Easily Exploit Zoom Flaws

The Zoom flaws discovered by Ivan Fratric are no joke. Chained together, they can be used to compromise another user over chat: the attacker sends specially crafted Extensible Messaging and Presence Protocol (XMPP) messages, and the chain ends with malicious code running on the victim's machine.

The four issues carry CVSS scores between 5.9 and 8.1, on a scale whose maximum is 10. The bugs discovered in Zoom are the following:

  • CVE-2022-22784: Improper XML parsing in Zoom Client for Meetings (CVSS 8.1)

  • CVE-2022-22785: Improperly constrained session cookies in Zoom Client for Meetings (CVSS 5.9)

  • CVE-2022-22786: Update package downgrade in Zoom Client for Meetings for Windows (CVSS 7.5)

  • CVE-2022-22787: Insufficient hostname validation during server switch in Zoom Client for Meetings (CVSS 5.9)

Zoom's chat functionality is built on top of the XMPP standard, and the improper XML parsing bug (CVE-2022-22784) allows a crafted chat message to be interpreted differently from what the sender was authorized to send. A successful attacker can therefore masquerade as a Zoom user in a private conversation between other users.

The same technique lets an attacker inject control messages that the client treats as if they had come from the server. Because the client does not validate the hostname it is told to switch to (CVE-2022-22787), a victim's client can be redirected to a malicious server, which can then push an older, vulnerable build that the Windows client installs without objection (CVE-2022-22786). In Fratric's words, “one user might essentially be able to spoof messages as if coming from another user”, and “an attacker might be able to send control messages which will be accepted as if coming from the server.”
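The following is an added illustrative example, not Zoom's code and not Fratric's exploit. It shows the two hardening checks that the server-switch and update-downgrade bugs are named after: validating the hostname a client is told to switch to, and refusing an update package whose version is not newer than the installed one. Each check is shown in a weak form beside a hardened form. The trusted domain, the URLs and the version numbers are made up for the example.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Made-up trusted service domain for this example; the domains the real
# client trusts are not given on the page.
TRUSTED_DOMAIN = "example-conf.test"


def weak_switch_allowed(target_url: str) -> bool:
    """Illustrative weak check: a substring test on the raw URL.

    It accepts both "wss://evil-example-conf.test/" (look-alike host) and
    "wss://example-conf.test@evil.test/" (trusted name in the userinfo part).
    """
    return TRUSTED_DOMAIN in target_url.lower()


def strict_switch_allowed(target_url: str) -> bool:
    """Hardened check: parse the URL, then compare the real host exactly.

    Only the trusted domain or a dot-delimited subdomain of it is accepted;
    IP literals, unexpected schemes and malformed hosts are rejected.
    """
    parts = urlsplit(target_url)
    if parts.scheme not in ("wss", "https"):
        return False
    host = parts.hostname  # lower-cased, userinfo and port already stripped
    if not host:
        return False
    host = host.rstrip(".")
    try:
        ip_address(host)
        return False  # a raw IP address is never a trusted server
    except ValueError:
        pass
    if not re.fullmatch(r"[a-z0-9.-]+", host):
        return False
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def version_tuple(version: str) -> tuple:
    """Turn "5.10.4" into (5, 10, 4) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.strip().split("."))


def weak_accept_update(installed: str, offered: str) -> bool:
    """Illustrative weak updater: anything that differs gets installed,
    so a server the client was redirected to can push an older, vulnerable build."""
    return offered != installed


def accept_update(installed: str, offered: str) -> bool:
    """Hardened updater: only a strictly newer version is accepted.
    (A real updater must also verify the package signature before this check.)"""
    try:
        return version_tuple(offered) > version_tuple(installed)
    except ValueError:
        return False  # malformed version string: refuse rather than guess


if __name__ == "__main__":
    # Constructed sample inputs: a legitimate host, a look-alike host,
    # a userinfo trick, and a downgrade from 5.10.4 to 5.9.6.
    for url in ("wss://example-conf.test/chat",
                "wss://evil-example-conf.test/chat",
                "wss://example-conf.test@evil.test/chat"):
        print(f"{url:45} weak={weak_switch_allowed(url)} strict={strict_switch_allowed(url)}")
    print("downgrade 5.10.4 -> 5.9.6:",
          "weak accepts" if weak_accept_update("5.10.4", "5.9.6") else "weak rejects",
          "/ hardened accepts" if accept_update("5.10.4", "5.9.6") else "/ hardened rejects")
```

Running the script shows the weak checks accepting both the look-alike host and the userinfo trick, and installing the older build, while the hardened versions reject all three. The numeric version comparison matters too: compared as strings, "5.9.6" sorts after "5.10.4", which is exactly the kind of mistake that turns a version check into a downgrade.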

The Devices That are Vulnerable

The downgrade attack (CVE-2022-22786) affects only the Windows version of Zoom. The other three, CVE-2022-22784, CVE-2022-22785 and CVE-2022-22787, affect the Zoom client on Windows, Linux, Android, iOS and macOS.

The threats arising from these bugs are removed by updating the Zoom client to the latest version.

How To Secure Your PC

Any software can have bugs, and some of them are serious security risks; each disclosure is also an opportunity to harden your own setup. Here are some measures that help if you have been compromised through such a vulnerability, or that limit the damage if you are.

Antivirus

A good antivirus can go a long way. Its signatures and detection models are updated continuously to deal with the latest threats, so even if an attacker uses the Zoom bugs to get past your defenses, the malware they deploy afterwards may be detected and neutralized. Some security suites also flag outdated software on your PC.

VPN

VPNs have several features worth considering. They encrypt your traffic on untrusted networks and hide your IP address, and some providers add tracker blocking and threat-protection features that filter known malicious domains and downloads.

Be clear about what a VPN does not do: it does not stop an exploit delivered through an application you are already using, such as a crafted Zoom chat message. Treat it as one layer among several rather than a complete solution.

Two-factor-authentication

Many of us reuse one password across multiple platforms and apps. A second authentication factor makes a real difference: if a password is stolen, an attacker still cannot log in without it, and many attackers simply move on. Keep in mind that if the computer itself is compromised, the attacker may still hijack sessions that are already logged in, so two-factor authentication complements the other measures here rather than replacing them.

Secondary profile

Most PC users work from an administrator account. Malware that lands on the machine runs with the privileges of the logged-in user, so on an administrator account it gets administrator privileges too. Use a standard (non-administrator) account for daily work and keep a separate administrator account for installing software, especially if children or others share the PC.

Updates

Updates are crucial for the security of your PC. As this article shows, older Zoom versions are exposed to bugs that current versions have already fixed. That does not mean you should update your Zoom app and stop there.

Updates exist to close security holes and improve your experience. Keep every application and the operating system itself up to date, and turn on automatic updates where they are offered. However tiresome the updates may seem, let them do their job; they will protect you in the future.