Overview of Zoom Vulnerability TIR-20210321
This report covers a vulnerability in the popular virtual meeting application Zoom. No patch was available at the time this report was written. The vulnerability may allow participants in a meeting to see information on a screen-share that they were not authorized to view.
Tactics, Techniques, and Procedures
Successful exploitation of this vulnerability occurs when a user shares a specific application, such as a web browser: for a short time, other meeting participants can see the contents of other open applications in the screen-share. Applications that are not explicitly shared become visible to other users when newly created windows overlay the content being shared. Depending on the sensitivity of the environment and the level of privileges the affected user possesses, this could increase or reduce the severity of the vulnerability. If the meeting is recorded, anyone watching the recording can pause it and read the contents of the screen-share. The unintentionally shared content can realistically only be seen if the meeting is being recorded, because it flickers across the screen-share far too fast for the human eye to register in real time. This vulnerability affects the Zoom client through version 5.5.4.
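Because the leaked windows survive only as a frame or two in a recording, an organisation can scan its own screen-share recordings for such transient frames before distributing them. The following is an added example, not code from the report or from Zoom; it assumes each decoded video frame has been converted to a grayscale 2-D list of 0-255 ints, and the sample "recording" is constructed inline.

```python
from typing import List, Tuple

# A frame is a grayscale 2-D list of 0-255 ints (assumed input format,
# e.g. each decoded video frame converted to luminance).
Frame = List[List[int]]

def mean_abs_diff(a: Frame, b: Frame) -> float:
    """Average absolute per-pixel difference between two equally sized frames."""
    total = sum(abs(x - y) for ra, rb in zip(a, b) for x, y in zip(ra, rb))
    return total / (len(a) * len(a[0]))

def find_transient_frames(frames: List[Frame], threshold: float = 20.0,
                          max_run: int = 3) -> List[Tuple[int, int]]:
    """Return inclusive (start, end) ranges of at most max_run frames that
    depart sharply from the preceding frame and then return to it.
    Longer departures are treated as real scene changes, not flicker."""
    found = []
    i = 1
    while i < len(frames) - 1:
        baseline = frames[i - 1]
        if mean_abs_diff(baseline, frames[i]) <= threshold:
            i += 1
            continue
        # frame i departs from the baseline: look for a return within max_run
        end = None
        for j in range(i + 1, min(i + max_run + 1, len(frames))):
            if mean_abs_diff(baseline, frames[j]) <= threshold:
                end = j - 1
                break
        if end is None:       # no return in time: scene change, not a flicker
            i += 1
            continue
        found.append((i, end))
        i = end + 2           # frame end+1 already matched the baseline
    return found

def make_frame(value: int, width: int = 8, height: int = 6) -> Frame:
    """Constructed uniform frame used only as sample input."""
    return [[value] * width for _ in range(height)]

# Constructed sample recording: a steady browser share (40) with another
# window flashing over it for one frame (index 4) and two frames (9-10).
SAMPLE = ([make_frame(40)] * 4 + [make_frame(200)] + [make_frame(40)] * 4
          + [make_frame(220)] * 2 + [make_frame(40)] * 3)

if __name__ == "__main__":
    for start, end in find_transient_frames(SAMPLE):
        print(f"review frames {start}-{end}: content not in the rest of the share")
```

Flagged ranges are a review queue, not proof of leakage: a reviewer pauses the recording at those frames and decides whether the overlaid window contained anything that must be cut before the recording is shared.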
Business Unit Impact
- May lead to the leakage of sensitive information such as email inbox content.
- May provide for intelligence gathering opportunities depending on the type of content being briefly shared.
It is highly encouraged that you reduce the number of times employees screen-share with external entities unless this is required by a user’s job function. Check the vendor’s website for updates and update the Zoom client when appropriate.
MITRE Mapping(s)
Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report outlines a “top-of-mind” threat and how it ought to be addressed.
This informed analysis is based on the latest data available.