Digital News: Zoom is... Still Crushing IT!
Thanks to remote work, Zoom is gaining more and more ground in communication, especially in B2B.
Zoom Video Communications is the company behind Zoom Meeting. While the company has had nothing but steady growth going back to the first quarter of 2019 (fiscal year, not calendar), the first quarter of the fiscal year 2020 saw an amazing 169 percent revenue increase year over year.
Eric S. Yuan, the Founder and Chief Executive Officer of Zoom said, "The COVID-19 crisis has driven higher demand for distributed, face-to-face interactions and collaboration using Zoom. Use cases have grown rapidly as people integrated Zoom into their work, learning, and personal lives."
In April (2020), Zoom had already hit 300 million daily users. The growth, though, came with growing pains:
Zoom-bombings that required security updates (easily prevented now) and reports that the free use of the service may come with compromised privacy.
Many companies have banned the use of Zoom, including SpaceX, NASA, and Google. Some of them, to be fair, have been vanquished by Zoom (Google Meet/Hangouts). So have many banks and governments.
Yet this doesn't seem to be troubling or hurting Zoom... but the financials of 2021 will tell us how much this affected the company.
While writing this post, I've found out something I need to share with you.
All Zoom users need to update their app - NOW - and I have two critical reasons why you should:
Researchers found two major security vulnerabilities that could allow a hacker to take over your device.
As Covid-19 made more people start working from home, Zoom has been under the spotlight - but not always for good reasons. Zoom has been through a phase of dealing with security issues, incidents of Zoom-bombing, and privacy scandals, but it got better. Now, though, researchers have just found two major security vulnerabilities that could easily allow a hacker to take over your device.
Let's see the bright side of this!
Zoom patched these issues very quickly when the researchers warned them. If you install the latest version of the app - which you should have by now, because it's mandatory - you should be protected.
The not-so-good news is that at least one of these security vulnerabilities is pretty serious.
So if your app isn’t updated, you need to do it now, urgently.
What Are The Two Zoom Vulnerabilities?
The first vulnerability was an exploitable path traversal vulnerability in the Zoom app version 4.6.10 related to the GIF functionality. Tracked as CVE-2020-6109, an attacker simply needs to send a specially crafted message to a target user or group to trigger the vulnerability.
“Only Giphy servers were originally supposed to be used for this feature in Zoom,” Talos’ Jon Munshaw says. “However, the content from an arbitrary server would be loaded in this case, which could be abused to further leak information or abuse other vulnerabilities.”
Talos says there is a server-side fix for this issue but the researchers believe it “still requires a fix on the client-side to completely resolve the security risk.”
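The client-side checks this class of bug calls for can be sketched as follows. This is an added example, not Zoom's or Talos's code; the allowed host name, the cache directory and all function names are assumptions made for illustration.

```python
import os
import re
from urllib.parse import urlsplit

ALLOWED_GIF_HOSTS = {"giphy.com"}   # assumption: the only GIF provider allowed
CACHE_DIR = "/tmp/gif_cache"        # hypothetical local cache directory
SAFE_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")


def host_allowed(url):
    """Accept only https URLs whose host is an allowed domain or a subdomain."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:              # malformed authority, e.g. a bad IPv6 literal
        return False
    # Reject userinfo so "https://giphy.com@other.example/" cannot pass as Giphy.
    if parts.scheme != "https" or parts.username or parts.password:
        return False
    return any(host == h or host.endswith("." + h) for h in ALLOWED_GIF_HOSTS)


def cache_path(gif_id, cache_dir=CACHE_DIR):
    """Map a sender-supplied GIF id to a file that stays inside cache_dir."""
    if not SAFE_ID.fullmatch(gif_id):
        raise ValueError("GIF id contains characters outside the safe set")
    base = os.path.realpath(cache_dir)
    full = os.path.realpath(os.path.join(base, gif_id + ".gif"))
    # Defense in depth: the resolved path must still be under the cache root.
    if os.path.commonpath([base, full]) != base:
        raise ValueError("resolved path escapes the cache directory")
    return full


def accept_gif(url, gif_id):
    """Return the local cache path for a message's GIF, or None if rejected."""
    if not host_allowed(url):
        return None
    try:
        return cache_path(gif_id)
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed sample messages (url, id); none come from a real chat.
    samples = [
        ("https://media.giphy.com/media/abc/giphy.gif", "abc123"),
        ("https://giphy.com.attacker.example/a.gif", "abc123"),
        ("https://media.giphy.com/media/abc/giphy.gif", "../../evil"),
    ]
    for url, gif_id in samples:
        print(url, gif_id, "->", accept_gif(url, gif_id))
```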
The second vulnerability, which was fixed in May, is a remote code execution (RCE) vulnerability in the Zoom client application's handling of chat code snippets, tracked as CVE-2020-6110. All an attacker would need to do to trigger this vulnerability is to send a specially crafted message. For the most severe impact, target user interaction is required, Talos said.
In an email, Zoom told me it had addressed both issues in its late April release. “Zoom’s fixes included both a server-side and client-side patch,” a spokesman told me, adding that users can help keep themselves secure “by applying current updates or downloading the latest Zoom software.”
Zoom is constantly trying to improve itself and make the app more secure, resolving issues as quickly as possible and always trying to keep users feeling protected and safe while using the app.
(info from Forbes)