[Videoconferencing] Zoom Client Remote Security Vulnerability
Andrew Daviel
advax at triumf.ca
Fri Jul 12 17:42:56 PDT 2019
FYI - anyone using Zoom should update
ID: CVE-2019-13450
Title: Zoom Client Remote Security Vulnerability
Vendor: Zoom
Description: Zoom Client is exposed to a remote security vulnerability.
An attacker can leverage this issue to bypass
security restrictions and perform unauthorized actions. Remote attackers
can force a user to join a video call with the
video camera active. This occurs because any web site can interact with
the Zoom web server on localhost port 19421 or19424.
--
Andrew Daviel
SMS/cell +1 604 377-4796
Now retired - ex.Network Security Manager
TRIUMF - Canada's particle accelerator centre
More information about the Videoconferencing
mailing list