Videocall app Zoom was already under a magnifying glass in the United States at the end of March, after questioning Zoom’s ability to guarantee user privacy. On top of that, a number of vulnerabilities have now been discovered that could be exploited by hackers.
Two vulnerabilities were denounced by Patrick Wardle of Jamf Software. In a statement to TechCrunch, Wardle believes that the vulnerabilities could be used to steal data from users, although access must first have been gained to the computer on which Zoom is located.
In the case of the first vulnerability, code could be injected into Zoom’s application files and then access the webcam and microphone of Mac users. In the second case, the vulnerability could allow a hacker to access the root of a device, which in turn could be used to place backdoors.
The vulnerabilities found are disclosed the day after an already significant problem. BleepingComputer announced early this week that users of the Windows version of Zoom were also at risk. Chats on Zoom automatically convert links into hyperlinks, which is innocent in itself. Nevertheless, it can cause problems, since UNC links (which link to an external system) are also automatically converted into a hyperlink. If you are not aware of this, you could send your login details to a malicious party (scrambled, but this can be undone) after which they will have access to the user’s Windows account.
Although Zoom saw its user numbers multiply, the negative publicity surrounding the vulnerabilities and the privacy question marks do lead to a decline in the value of the shares. In a single day, Zoom’s share price dropped by six percent.