Zoom Patches “Zero-Click” RCE Bug

Deepraj R
Reviewed by
Nash N Sulthan
Published on
31 May 2022
1 min read

A medium-severity vulnerability found by Google Project Zero researcher Ivan Fratric and named as “XMPP stanza smuggling” has been patched by Zoom. It has a CVSS severity rating of 5.9 and is tracked as CVE-2022-22787.

It affects the majority of operating systems, including Windows, macOS, iOS, and Android users. Zoom has urged us to update its client software to the latest 5.10.0 version.

Being a zero-click vulnerability, even without any action from a user, the vulnerability can be exploited.

Even the highly tech-aware users can fall prey to them.

All it is required for the attacker is to be able to send messages to the victim over the Zoom chat with the XMPP (Extensible Messaging Presence Protocol). XMPP is used to send XML elements between 2 connections. It is used to exchange messages and the presence information (whether they are online or not) in real-time, which is implemented in Zoom chat functionality.

Also, Zoom stated in its security bulletin, that the earlier version fails “to properly validate the hostname during a server switch request.”

The vulnerability can be utilized for numerous evil purposes - ranging from spoofing the messages to make them seem to originate from a different user to send control messages to make them seem to come from the server.

It can even allow the bad actor to exploit the ClusterSwitch.

For the POC, Fratric replaced the Zoom’s web server’s domain with another server he controlled, which in turn enabled him to see the traffic flow between the client and the Zoom web server.

He also stated that, “This, in turn, allowed me to MITM the client update process and escalate to arbitrary code execution.”

In order to mitigate the threat, just make sure you have updated your Zoom to the latest version (5.10.0).

Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Deepraj R
Deepraj R
Content Specialist
Nash N Sulthan
Nash N Sulthan
Cyber Security Lead Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.