The current Zoom client version, 5.5.4 (13142.0301), for Windows is still vulnerable to the issue, Deeg told Threatpost. “The impact in real-life situations would be sharing confidential data in an unintended way to unauthorized people,” Deeg told Threatpost. However, “under certain conditions” if a Zoom presenter chooses to share one application window, the share-screen feature briefly transmits content of other application windows to meeting participants, according to German-based SySS security consultant Michael Strametz, who discovered the flaw, and researcher Matthias Deeg, in a Thursday disclosure advisory (which has been translated via Google). They have the option to share their entire screen, one or more application windows or just one selected area of their screen. This function allows users to share the contents of their screen with other participants in a Zoom conferencing call. The flaw ( CVE-2021-28133) stems from a glitch in the screen sharing function of video conferencing platform Zoom. However, the data is only leaked briefly, making a potential attack difficult to carry out. A security blip in the current version of Zoom could inadvertently leak users’ data to other meeting participants on a call.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |