Zoom Quickly Addresses Zero-Day Vulnerabilities, But Now Is Not the Time to Rest
Amid the surge in cloud-based videoconferencing usage during the COVID-19 pandemic quarantine period, videoconferencing service provider Zoom has moved quickly to address zero-day vulnerabilities reported in its client software. That said, there is still work for it to do.
A flaw in the Zoom installer introduced a “UNC path injection” vulnerability in Zoom’s client software. This vulnerability can potentially allow malicious actors to steal the Windows login credentials of their victims and execute arbitrary commands on vulnerable systems.
Another zero-day vulnerability addressed by the patch deals with how Zoom interacts with the camera and microphone on Apple Mac platforms. Exploiting this vulnerability allows a malicious actor to gain access to the user’s microphone and camera.
(Source: Zoom Rushes Patches for Zero-Day Vulnerabilities, April 2020)
Tom’s Guide reported nine flaws/defects in Zoom, many of which have been addressed as of this writing. While Zoom’s diligent moves to correct these issues are notable, Tom’s Guide’s reporting serves as a testament to the numerous security concerns that plague the suddenly popular videoconferencing service.
(Source: Zoom privacy and security issues: Here's everything that's wrong (so far), April 2020)
The patches released by Zoom address issues on the client software that is distributed and installed on user workstations. Therefore, IT departments are strongly encouraged to roll out the patches as soon as possible and ensure that all users immediately comply with the direction to upgrade their software.
With the immense increase in Zoom’s popularity during this pandemic quarantine period, it is commendable that Zoom is responding quickly to discovered vulnerabilities. That said, it is apparent that Zoom was unprepared for the sudden and massive increases in both the number of subscribers and usage volume. At this critical point in time, Zoom needs to first focus its attention on addressing vulnerabilities uncovered in its product, then sustain its response roadmap to stay ahead of emerging weaknesses over time. The growth in popularity makes the service an attractive prospect for hackers – especially given the publicized and often sensitive ways in which Zoom has been used (such as the recent UK government cabinet meeting).
To this end, Zoom has wisely instituted a 90-day freeze on feature enhancement to prioritize its focus on addressing security issues with its product.
Stay tuned to Info-Tech Research Group’s Tech Briefs, as we will report on additional developments as they transpire.