A security blip in the current version of Zoom could inadvertently leak users’ data to other meeting participants on a call. However, the data is only leaked briefly, making a potential attack difficult to carry out.
The flaw (CVE-2021-28133) stems from a glitch in the screen sharing function of video conferencing platform Zoom. This function allows users to share the contents of their screen with other participants in a Zoom conferencing call. They have the option to share their entire screen, one or more application windows or just one selected area of their screen.
However, “under certain conditions” if a Zoom presenter chooses to share one application window, the share-screen feature briefly transmits content of other application windows to meeting participants, according to Germany-based SySS security consultant Michael Strametz, who discovered the flaw, and researcher Matthias Deeg, in a Thursday disclosure advisory (which has been translated via Google).
“The impact in real-life situations would be sharing confidential data in an unintended way to unauthorized people,” Deeg told Threatpost.
The current Zoom client version, 5.5.4 (13142.0301), for Windows is still vulnerable to the issue, Deeg told Threatpost.
Zoom Screen-Sharing Glitch ‘Briefly’ Leaks Sensitive Data
A glitch in Zoom's screen-sharing feature shows parts of presenters' screens that they did not intend to share – potentially leaking emails or passwords.