An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could be exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory.
Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, said the issues impact both Zoom clients and Multimedia Router (MMR) servers, which transmit audio and video content between clients in on-premise deployments.
The weaknesses have since been addressed by Zoom as part of updates shipped on November 24, 2021.
