[Videoconferencing] Zoom Client Remote Security Vulnerability

Andrew Daviel advax at triumf.ca
Fri Jul 12 17:42:56 PDT 2019


FYI - anyone using Zoom should update


ID: CVE-2019-13450
Title: Zoom Client Remote Security Vulnerability
Vendor: Zoom
Description: Zoom Client is exposed to a remote security vulnerability. 
An attacker can leverage this issue to bypass
security restrictions and perform unauthorized actions. Remote attackers 
can force a user to join a video call with the
video camera active. This occurs because any web site can interact with 
the Zoom web server on localhost port 19421 or19424.


-- 
Andrew Daviel
SMS/cell +1 604 377-4796
Now retired - ex.Network Security Manager
TRIUMF - Canada's particle accelerator centre


More information about the Videoconferencing mailing list