Zoom Vulnerability
Reference:
Advisory #2019-018
Version:
1.0
Affected software:
Zoom for macOS
Type:
DDOS, Unauthorized access
CVE/CVSS:
CVE-2019-13449, CVE-2019-13450
Date:
10/07/2019
Sources
https://blog.zoom.us/wordpress/2019/07/08/response-to-video-on-concern/
Risks
A vulnerability discovered in the Mac Zoom client allows a maliciously crafted website to enable your camera without your permission and/or to perform a denial of service by repeatedly joining the user to an invalid call. Uninstalling the application still leaves a localhost web server running on the vulnerable system, which allows Zoom to be re-installed without user consent.
A proof of concept is available.
Recommended Actions
CERT.be recommends that system administrators update vulnerable Zoom client applications on macOS to the latest version:
https://zoom.us/download