Threat intelligence organisation Cisco Talos has found two new critical flaws in the viral video chat platform Zoom that allow attackers to execute malicious code on users’ machines.
The security firm worked with Zoom to fix these issues and confirmed, via a blog post, that the video chat platform rectified the threats on its server but “still requires a fix on the client side”.
The first vulnerability exists in version 4.6.10 of Zoom’s software and is related to sending animated GIFs via the platform’s chat feature. “A specially crafted chat message can cause an arbitrary file write, which could potentially be further abused to achieve arbitrary code execution,” the company wrote in the blog post.