Analyst says Zoom web server is defenseless against remote code execution

Analyst says Zoom web server is defenseless against remote code execution
Spread the love

For Zoom, the hits simply continue coming. The most recent is the arrival of a long-mooted remote code execution (RCE) misuse that is said to be harboured in the controversial local web server which had been installed on Macs to avoid an extra click for clients.

The analyst who started the debacle for Zoom, Jonathan Leitschuh, said on Twitter on Friday that a RCE currently existed for it.

“That @zoom_us daemon (hidden web server) is now known to have a Remote Code Execution Vulnerability!” he wrote.

“Mac Admins: make sure Zoom is up to date or that daemon is removed!

“Specifically, you are vulnerable if you’ve uninstalled the Zoom application from your computer without killing the ZoomOpener process and then deleting ~/.zoomus directory.”

The exploit is set to be handled the CVE-2019-13567 label.

One twitter client showed off the exploit in action.

On Thursday, Apple revealed a quiet update that killed off Zoom utilizing its malware removal infrastructure.

Toward the beginning of the furor, Zoom defended the utilization of the web server, saying to ZDNet in an explanation that it was a “legitimate solution to a poor user experience, enabling our users to have seamless, one-click-to-join meetings, which is our key product differentiator”.

The following day, Zoom said it would walk back its local web server support in a fix patch prepared for Tuesday night.

Zoom told ZDNet previously its change in course was in light of client feedback, not security concerns.

“There was never a remote code execution vulnerability identified,” the organization said two days back.

“Zoom decided to remove the web server based on feedback from the security community and our users.”

Leitschuh said toward the beginning of the week the use of the local server was a fundamental security vulnerability, and sites ought not communicate with applications in such a fashion.

“Let me start off by saying having an installed app that is running a web server on my local machine with a totally undocumented API feels incredibly sketchy to me,” he wrote.

“Secondly, the fact that any website that I visit can interact with this web server running on my machine is a huge red flag for me as a Security Researcher.”

Gabriel Fetterman
Topics #Jonathan Leitschuh #ZDNet #Zoom #Zoom web server
Gabriel Fetterman

Gabriel Fetterman has been writing since an early age. When in school, he wrote stories plagiarized from what he'd been reading at the time, and sold them to his friends. This was not popular among his teachers, and he was forced to return his profits when this was discovered. After finishing his university studies with a B.S. in English, Gabriel took a job as an English teacher. During this period, Gabriel began a number of short stories. Recently he starts to write news articles. Gabriel publishes articles on as a free lance writer.

error: Content is protected !!