[Thread]
The kind folk at http://www.cyber-itl.org shared a new @zoom_us security issue with me.
I want to take this opportunity to describe:
The issue
How Zoom et al. should fix it
How purchasers should identify it before corporate purchasing
What individuals should do
1/
Sure, coding it this way is gross and wrong, but the unsanitized input is not attacker-controllable as you suggested
Jaan is correct. I was trying to highlight identifying poor security hygiene prior to shipping. Feel free to choose another concerning example in the code: There are 453 calls to known bad functions (unbounded copies, bad random, access(), etc.) 6316 to risky ones like popen
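Added example, not code from the thread or from Zoom: a small Python scanner that does the kind of pre-purchase hygiene count described above, splitting hits into "known bad" (unbounded copies, bad random, access()) and "risky" (popen and friends) tiers while ignoring names that only appear in comments or string literals. The two function lists and the C snippet it scans are constructed assumptions for illustration.

```python
import re

# Constructed C snippet standing in for a code base under review (not Zoom's code).
SAMPLE_C = r'''
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>

int main(int argc, char **argv) {
    char buf[64];
    strcpy(buf, argv[1]);            /* unbounded copy */
    srand(1); int r = rand();        /* predictable random */
    if (access(buf, R_OK) == 0) {    /* TOCTOU-prone check */
        FILE *p = popen(buf, "r");   /* shell invocation */
        pclose(p);
    }
    // strcpy(buf, "commented out"); must not be counted
    printf("%d %s\n", r, "popen(inside a string literal)");
    return 0;
}
'''

# Two tiers, mirroring the "known bad" vs "risky" split in the thread (assumed lists).
KNOWN_BAD = {"gets", "strcpy", "strcat", "sprintf", "vsprintf", "rand", "srand", "access"}
RISKY = {"popen", "system", "execl", "execlp", "execv", "execvp", "tmpnam", "mktemp"}

_COMMENT_OR_STRING = re.compile(r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\])*"', re.S)
_CALL = re.compile(r'\b([A-Za-z_]\w*)\s*\(')

def strip_comments_and_strings(src: str) -> str:
    """Blank out comments and string literals so names inside them are not counted."""
    return _COMMENT_OR_STRING.sub(" ", src)

def count_calls(src: str) -> dict:
    """Return {'known_bad': {name: n}, 'risky': {name: n}} for call sites found in src."""
    cleaned = strip_comments_and_strings(src)
    bad, risky = {}, {}
    for m in _CALL.finditer(cleaned):
        name = m.group(1)
        if name in KNOWN_BAD:
            bad[name] = bad.get(name, 0) + 1
        elif name in RISKY:
            risky[name] = risky.get(name, 0) + 1
    return {"known_bad": bad, "risky": risky}

if __name__ == "__main__":
    print(count_calls(SAMPLE_C))
```

Run it over a real tree by reading each .c file into count_calls; the per-function breakdown is what you want in front of the vendor, since a raw total hides which tier dominates.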
How many users does Linux Zoom have? The real questions are “How much code is shared with the Windows and especially macOS clients?” and “Do the other clients share the same level of (in)security?” (Unfortunately, the answerer has a non-negligible advantage for the 2nd question.)
New conversation
I have discovered that bash allows execution of arbitrary programs!