Zoom patches XMPP vulnerability chain that could lead to remote code execution

Google Project Zero researcher finds holes in the different ways XML was parsed on the Zoom client and server.
Written by Chris Duckett on

Zoom users are advised to update their clients to version 5.10.0 to patch a number of holes found by Google Project Zero security researcher Ivan Fratric.

"User interaction is not required for a successful attack. The only ability an attacker needs is to be able to send messages to the victim over Zoom chat over XMPP protocol," Fratric said in a bug tracker description of the chain.

Because Zoom's server and clients use different XML parsing libraries, they can parse the same XMPP message differently. By examining those differences, Fratric was able to uncover an attack chain that ultimately could lead to remote code execution.

By sending a specially crafted message, Fratric was able to make clients connect to a man-in-the-middle server that served up an old version of the Zoom client from mid-2019.

"The installer for this version is still properly signed, however it does not do any security checks on the .cab file," Fratric said.

"To demonstrate the impact of the attack, I replaced Zoom.exe in the .cab with a binary that just opens Windows Calculator app and observed Calculator being opened after the 'update' was installed."
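
As an added illustration of the defence against the downgrade and unchecked .cab contents described above (not code from Zoom, Project Zero or the original article): an updater-side check that refuses a version rollback and verifies every payload file against a manifest. The manifest layout, function names, file names and version numbers are assumptions constructed for the example, and the manifest is assumed to have already passed signature verification.

```python
import hashlib
import hmac


def parse_version(text):
    """Turn '5.10.0' into (5, 10, 0) so versions compare numerically, not as text."""
    return tuple(int(part) for part in text.split("."))


def check_update(installed_version, manifest, payload_files):
    """Return the reasons to reject an update; an empty list means accept.

    Assumption: `manifest` has already passed signature verification and has
    the hypothetical shape {"version": str, "files": {name: sha256 hex}}.
    """
    problems = []
    # Anti-rollback: a validly signed but older release must not be installed.
    if parse_version(manifest["version"]) <= parse_version(installed_version):
        problems.append("not newer than installed: " + manifest["version"])
    expected = manifest["files"]
    # Every file in the package must be listed and must match its digest.
    for name, data in sorted(payload_files.items()):
        if name not in expected:
            problems.append("unlisted file: " + name)
            continue
        digest = hashlib.sha256(data).hexdigest()
        if not hmac.compare_digest(digest, expected[name]):
            problems.append("digest mismatch: " + name)
    # A listed file that is absent from the package is also a failure.
    for name in sorted(set(expected) - set(payload_files)):
        problems.append("missing file: " + name)
    return problems


# Constructed sample data (not real Zoom versions or file contents).
INSTALLED = "5.9.0"
GENUINE = {"Zoom.exe": b"genuine client", "util.dll": b"genuine library"}
TAMPERED = {**GENUINE, "Zoom.exe": b"replaced binary"}


def make_manifest(version, files):
    """Build a manifest for the sample data (stands in for the vendor's signed one)."""
    return {"version": version,
            "files": {n: hashlib.sha256(d).hexdigest() for n, d in files.items()}}


if __name__ == "__main__":
    print(check_update(INSTALLED, make_manifest("5.10.0", GENUINE), GENUINE))
    print(check_update(INSTALLED, make_manifest("4.4.0", GENUINE), GENUINE))
    print(check_update(INSTALLED, make_manifest("5.10.0", GENUINE), TAMPERED))
```
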

In its security bulletin published last week, Zoom said the security researcher also found a way to send user session cookies to a non-Zoom domain, which could allow for spoofing.

The CVE-2022-22786 vulnerability that allowed for downgrading the client only impacted Windows users, while the other three issues -- CVE-2022-22784, CVE-2022-22785, and CVE-2022-22787 -- impacted Android, iOS, Linux, macOS, and Windows.

Fratric discovered the vulnerabilities in February, with Zoom patching its server-side issues the same month, and releasing updated clients on April 24.
