We will share more details on this new RCE flaw with our readers through The Hacker News official Twitter account as soon as they are available. The technical details of the new remote code execution flaw in the Zoom client for macOS are not yet available, but Jonathan and other researchers have confirmed and demonstrated the existence of a working proof-of-concept exploit, as shown in the video above. Meanwhile, to help its users, Apple surprisingly stepped in yesterday and silently pushed an update for all macOS users that automatically removes the Zoom web server without requiring any user interaction, regardless of whether you are still using the conferencing software. Worryingly, according to an advisory published by the National Vulnerability Database (NVD), the newly discovered RCE flaw also works against users who have already uninstalled the conferencing software but whose web server is still active and listening on port 19421.