Zoom Quickly Addresses Zero-Day Vulnerabilities, But Now Is Not the Time to Rest
Amid the surge in cloud-based videoconferencing usage during the COVID-19 pandemic quarantine period, videoconferencing service provider Zoom has moved quickly to address zero-day vulnerabilities reported in its client software. That said, there is still work for it to do.
A flaw in the Zoom installer introduced a “UNC path injection” vulnerability in Zoom’s client software. This vulnerability can potentially allow malicious actors to steal the Windows login credentials of their victims and execute arbitrary commands on vulnerable systems.
Another zero-day vulnerability addressed by the patch deals with how Zoom interacts with the camera and microphone on Apple Mac platforms. Exploiting this vulnerability allows a malicious actor to gain access to the user’s microphone and camera.
(Source: Zoom Rushes Patches for Zero-Day Vulnerabilities, April 2020)
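An added example, not Zoom's code and not part of the original brief, for the UNC path injection issue above: a UNC path is a Windows network path such as \\host\share, and a Windows client that opens one attempts to authenticate to the named host, so a defender can strip such paths from untrusted text before anything resolves them. The function names, the allowlist parameter and the sample strings are constructed for illustration.

```python
import re

# UNC forms seen in free text: \\host\share, //host/share,
# \\?\UNC\host\share (device form) and file://host/share.
UNC_RE = re.compile(
    r"""
    (?<![\w:/\\])                      # not mid-token, so the // in http:// is skipped
    (?:
        file:[\\/]{2}(?=[^\\/\s])      # file://host/...  (file:/// is local, not matched)
      | [\\/]{2}[?.][\\/]UNC[\\/]      # \\?\UNC\host\...
      | [\\/]{2}(?=[^\\/\s?.])         # \\host\... or //host/...
    )
    (?P<host>[^\\/\s]+)
    (?:[\\/][^\s\\/]+)*                # share and path components
    """,
    re.IGNORECASE | re.VERBOSE,
)


def find_unc_hosts(text):
    """Return the host part of every UNC-style path found in text."""
    return [m.group("host").lower() for m in UNC_RE.finditer(text)]


def neutralise(text, allowed_hosts=frozenset()):
    """Replace UNC paths whose host is not allowlisted with an inert marker."""
    allowed = {h.lower() for h in allowed_hosts}

    def repl(m):
        host = m.group("host").lower()
        if host in allowed:
            return m.group(0)          # trusted internal file server: leave as is
        return f"[blocked network path to {host}]"

    return UNC_RE.sub(repl, text)


# Constructed sample input (documentation-range addresses and example domains).
SAMPLE = (r"Agenda: \\203.0.113.7\share\agenda.docx "
          r"slides: https://example.com/a//b notes: file://files.example.net/x")

if __name__ == "__main__":
    print(find_unc_hosts(SAMPLE))
    print(neutralise(SAMPLE))
```

Text filtering is one layer only; restricting outbound SMB from workstations to the internet limits the same credential exposure even when a path slips through.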
Tom’s Guide reported nine flaws/defects in Zoom, many of which have been addressed as of this writing. While Zoom’s diligent moves to correct these issues are notable, Tom’s Guide’s reporting serves as a testament to the numerous security concerns that plague the suddenly popular videoconferencing service.
(Source: Zoom privacy and security issues: Here's everything that's wrong (so far), April 2020)
The patches released by Zoom address issues on the client software that is distributed and installed on user workstations. Therefore, IT departments are strongly encouraged to roll out the patches as soon as possible and ensure that all users immediately comply with the direction to upgrade their software.
With the immense increase in Zoom’s popularity during this pandemic quarantine period, it is commendable that Zoom is responding quickly to discovered vulnerabilities. That said, it is apparent that Zoom was unprepared for the sudden and massive increases in both the number of subscribers and usage volume. At this critical point in time, Zoom needs to first focus its attention on addressing vulnerabilities uncovered in its product, then sustain its response roadmap to stay ahead of emerging weaknesses over time. The growth in popularity makes the service an attractive prospect for hackers – especially given the publicized and often sensitive ways that Zoom has been used (such as the recent UK government cabinet meeting).
To this end, Zoom has wisely instituted a 90-day freeze on feature enhancement to prioritize its focus on addressing security issues with its product.
Stay tuned to Info-Tech Research Group’s Tech Briefs, as we will report on additional developments as they transpire.