• Latest
  • Trending
Messages Sent Through Zoom Can Expose People to Cyber-Attack

Messages Sent Through Zoom Can Expose People to Cyber-Attack

May 26, 2022
Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Friday, 17 July, 2026
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Messages Sent Through Zoom Can Expose People to Cyber-Attack

by ITECHNEWS
May 26, 2022
in Infosec, Leading Stories
0 0
0
Messages Sent Through Zoom Can Expose People to Cyber-Attack

Zoom, the videoconferencing platform that has become a staple for connection and communication since the onset of COVID-19, has revealed four recent security vulnerabilities.

The vulnerabilities could be exploited to compromise users over chat by sending specially crafted Extensible Messaging and Presence Protocol (XMPP) messages and executing malicious code.

YOU MAY ALSO LIKE

French Telco Orange Hit by Cyber-Attack

ATC Ghana supports Girls-In-ICT Program

The four vulnerabilities, ranging from 5.9 to 8.1 in severity, were discovered by Ivan Fratric, Google Project Zero. Fratric tracked the flaws from CVE-2022-22784 through CVE-2022-22787 and subsequently reported them in February 2022.

 

The bugs include:

 

  • CVE-2022-22784 (CVSS score: 8.1): Improper XML Parsing in Zoom Client for Meetings
  • CVE-2022-22785 (CVSS score: 5.9): Improperly constrained session cookies in Zoom Client for Meetings
  • CVE-2022-22786 (CVSS score: 7.5): Update package downgrade in Zoom Client for Meetings for Windows
  • CVE-2022-22787 (CVSS score: 5.9): Insufficient hostname validation during server switch in Zoom Client for Meetings

 

XMPP is the standard upon which Zoom’s chat feature is built. A cyber-attacker can pose as a regular user through exploitation of the aforementioned vulnerabilities. In turn, the individual can connect to a suspicious server and download an update, resulting in arbitrary code execution stemming from a downgrade attack.

In the report, Fratric writes: “Initial vulnerability (labeled XMPP Stanza Smuggling) abuses parsing inconsistencies between XML parsers on Zoom’s client and server in order to be able to ‘smuggle’ arbitrary XMPP stanzas to the victim client. From there, by sending a specially crafted control stanza, the attacker can force the victim client to connect to a malicious server, thus turning this primitive into a man-in-the-middle attack.”

The issue at the core of these vulnerabilities is the ability of a cyber-attacker to find inconsistencies between XML parsers in the software’s client and server. When this happens, XMPP stanzas can be sent to the victim of the attack. This allows hackers to take advantage of software updates, weaponizing the process and delivering an outdated, less secure version of Zoom to prospective targets through a malicious server.

David Mahdi, chief strategy officer and CISO advisor at Sectigo, commented on these forms of social hacks and offers advice on how to avoid becoming a victim:

“As a form of social engineering, attacks like this can be incredibly hard to prevent, with attackers using incredibly savvy methods to trick users into doing ‘the wrong thing’, such as clicking a bad link that will download malware. Attackers are now deploying a growing variety of tactics, such as supply chain attacks and social engineering, to target organizational issues inherent with hybrid work, human error, and shadow IT.

“Multi-factor authentication (MFA), when correctly deployed, can mitigate cyber-criminal attacks from using stolen credentials to access devices or networks in the case of a phishing attack. This approach is critical to any business, or individual consumers, as a means to decrease the chances of becoming victim to identity-first cyber-attacks.”

Microsoft systems with Zoom are the most susceptible to these vulnerabilities. However, Android, iOS, macOS and Linux are all vulnerable to CVE-2022-22784, CVE-2022-22785, and CVE-2022-22787. Zoom advises downloading the latest version of the app (5.10.0).

Source: Deidre Olsen
Via: Infosecurity Magazine
Tags: Messages Sent Through Zoom Can Expose People to Cyber-Attack
ShareTweet

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025

Recent News

  • Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa July 29, 2025
  • French Telco Orange Hit by Cyber-Attack July 29, 2025
  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version