[Cryptography] "Zoom's end-to-end encryption isn't
Sidney Markowitz
sidney at sidney.com
Sat Apr 4 01:39:56 EDT 2020
Ángel wrote on 4/04/20 2:30 pm:
> Well, today you have an even bigger piece of Zoom news. Citizen Lab
> found:
>
> - an undisclosed security issue with Zoom’s Waiting Room feature that
> they are waiting for Zoom to fix before publishing
Updates for Zoom on Windows and macOS showed up, though not Linux, iOS, or Android
Interesting note: Zoom updates are marked "prompt", or else "manual" which do
not prompt or notify the user no matter their preferences settings. This
update is the first one set to "prompt" since mid 2017, after 58 non-prompted
releases for Windows and 66 for macOS. I had not realized that my Zoom was 9
months out of date on one of my Macs until it started crashing regularly and I
manually checked for updates, something I thought was unnecessary after having
set preferences to notify me when an update is available.
Release notes:
https://support.zoom.us/hc/en-us/articles/201361953-New-Updates-for-Windows
April 2, 2020 Version 4.6.9 (19253.0401)
* Resolved an issue where a malicious party could use UNC links to leak a
user’s hashed password
* Resolved an issue where some users could access chat in a webinar when chat
was disabled
https://support.zoom.us/hc/en-us/articles/201361963-New-Updates-for-macOS
April 2, 2020 Version 4.6.9 (19273.0402)
* Resolved an issue where a malicious party with local access could tamper
with the Zoom installer to gain additional privileges to the computer
* Resolved an issue where a malicious party with local access could gain
access to a user’s webcam and microphone
* Resolved an issue where some users could access chat in a webinar when chat
was disabled
More information about the cryptography
mailing list