Zoom security flaw lets other people see way too much

Zoom security flaw lets other people see way also much

(Image credit: Zoom)

A security glitch in Zoom'southward screen-sharing feature could potentially put users' data at risk. The flaw briefly lets people run across parts of a presenter's screen that shouldn't have been visible at all.

That means the presenter could inadvertently be broadcasting sensitive information, such as usernames and passwords, without even realizing it. Plus there's ever the potential for embarrassing stuff to show upwards at the same time.

These are the best video conversation apps you can use correct now
Non a fan of Zoom? Here are the best Zoom alternatives for video calling
Plus: Apple AR headset leak reveals eye tracking — and it looks like a game changer

Zoom gives presenters the selection to share a view of their entire screen, sure applications, or a very select area of the screen. This new flaw, discovered past SySS security consultants Michael Strametz and Matthias Deeg, means that "nether sure conditions" the single-awarding view doesn't work correctly.

Rather than broadcasting one app, and simply one app, viewers would briefly be able to see other windows on a presenter'due south screen.

The researchers found that other applications were only open up for "a brief moment", but that may well exist enough for a vigilant viewer to get a glimpse of sensitive information.

That's especially concerning if any participants are recording the meeting. Fifty-fifty if people can't annals whatsoever data during the cursory moment the other screens are visible, viewers could go back through their recordings and snoop around.

Of grade there are difficulties in exploiting this bug, since it would rely on an assailant actually being nowadays on the call in the starting time place. The severity also depends on how the kind of information that's shared. Items like the screens of password managers would be a major concern, equally would the contents of sensitive emails.

Then once more, if other Zoom meeting participants saw you looking at a Reddit folio of cute animals, it wouldn't exist as serious a problem. Information technology may exist a little embarrassing for that to be on brandish to anybody, but it's not going to negatively touch your life.

The flaw was reported to Zoom on December 2, but the researchers say that they are "not enlightened of a fix". The current version of Zoom for Windows, version 5.5.4 (13142.0301), is still vulnerable, and researchers say the problem can occur in a "reliably reproducible manner".

Zoom told Threatpost that information technology is aware of the upshot and is working to resolve the trouble. In the meantime, you should be more careful virtually the things you do while presenting on Zoom. Don't open up any applications you want to keep private.

More than: Zoom Bombing: How to go on trolls out of your Zoom meetings

Tom is the Tom's Guide'south Automotive Editor, which ways he can unremarkably exist establish human knee deep in stats the latest and all-time electrical cars, or checking out some sort of driving gadget. It's long style from his days as editor of Gizmodo United kingdom of great britain and northern ireland, when pretty much everything was on the table. He's commonly establish trying to squeeze another giant Lego gear up onto the shelf, draining very large cups of coffee, or lament that Ikea won't permit him buy the stuff he actually needs online.