The Sri Lanka Computer Emergency Readiness Team (SLCERT) has warned that two critical flaws have been revealed in version 4.6.10 of the Zoom application. In a statement, SLCERT said the threat level is medium and that attackers can use these vulnerabilities to hack the Zoom application via chat.
It also said, however, that these flaws do not apply to the end-to-end encryption features that are only available to paid customers. “Cybersecurity researchers have identified two vulnerabilities which can be used to gain remote access to the system when using the free version,” the release said.
According to SLCERT, one vulnerability is in the Zoom GIPHY service, where an attacker can take over the system merely by sending a maliciously crafted GIPHY message. The team also said that, through the second flaw, access to the system can be gained when code snippets are shared through chat.
SLCERT said the flaws could lead to confidential information being exposed to unauthorized parties.