![]() ![]() Leitschuh added that he is publicizing the vulnerability because “this is essentially a zero day,” referring to a previously undisclosed vulnerability now out in the wild. An organization of this profile and with such a large user base should have been more proactive in protecting their users from attack,” he wrote. “Ultimately, Zoom failed at quickly confirming that the reported vulnerability actually existed and they failed at having a fix to the issue delivered to customers in a timely manner. ![]() In his timeline, Leitschuh said that the vulnerability was originally disclosed to Zoom on March 26, with a proposed “quick fix,” but that Zoom took 10 days to confirm the vulnerability, and that despite talking to the company he only saw on June 24 that Zoom had implemented the quick fix. Users can now update their client or download the new version from its website. Leitschuh included patches for the vulnerability, including how to disable the ability for Zoom to turn on your webcam when joining a meeting, a terminal command for disabling video by default and instructions on how to shut down the web server and remove web server application files. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |