Zoom is leaking your sensitive data to strangers, allowing hackers access to Windows password: Report

After the iOS vulnerability found last week, security researchers claim to have found a bunch of new vulnerabilities in the app.

With lockdowns around the world forcing people to stay in, the popularity of video conferencing app Zoom has exploded like never before. This week, Zoom became the top free app on the App Store and Google Play Store. But while Zoom was becoming a popular choice for people trying to connect with friends and office colleagues, the app was also found to be sending iOS users' data to Facebook without their knowledge. Zoom patched the issue soon after the discovery and denied any such activity.

Now, just a week after that, a few security researchers claim to have found a bunch of other vulnerabilities in the app.

Zoom video conferencing app


The first flaw was discovered by a security researcher who goes by the handle @g0dmode on Twitter, and it concerns UNC paths. According to the researchers, Zoom on Windows converts networking UNC paths into clickable links in chat messages. Essentially, this means that the Windows version of the app allows hackers to capture Windows passwords.
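Following a UNC path makes Windows try to connect to the named host over SMB and authenticate with the logged-in user's credentials, which is why a chat client should not make such paths clickable. The sketch below is an added example, not Zoom's code: a hypothetical chat renderer (the function names and sample host names are assumptions) that linkifies only http(s) URLs and leaves UNC-style paths as inert text.

```javascript
// Added example (not Zoom's code): a chat renderer that linkifies only
// http(s) URLs and leaves UNC-style paths as inert, escaped text.

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));
}

// Classify one whitespace-delimited token from a chat message.
function classifyToken(token) {
  // \\host\share, //host/share, mixed slashes and \\?\UNC\host\share all
  // begin with two slashes and can make Windows contact a remote SMB host.
  if (/^[\\\/]{2}[^\\\/\s]/.test(token)) return "unc";
  let url;
  try {
    url = new URL(token);
  } catch {
    return "text"; // not an absolute URL
  }
  if (url.protocol === "file:") return "unc"; // file://host/share reaches SMB too
  if (url.protocol === "http:" || url.protocol === "https:") return "web";
  return "text"; // any other scheme stays non-clickable
}

// Render a message to HTML and report the tokens that were refused as links.
function renderMessage(message) {
  const blocked = [];
  const html = message
    .split(/(\s+)/) // keep the whitespace separators
    .map((part) => {
      const safe = escapeHtml(part);
      const kind = classifyToken(part);
      if (kind === "web") return `<a href="${safe}" rel="noopener">${safe}</a>`;
      if (kind === "unc") blocked.push(part);
      return safe;
    })
    .join("");
  return { html, blocked };
}

// Constructed sample message; the host names are placeholders.
const sample = "notes at https://example.com/a?x=1&y=2 and \\\\fileserver.example\\share\\q3.xlsx";
const result = renderMessage(sample);
console.log(result.html);
console.log("not linkified:", result.blocked);
```

The `blocked` list can be logged so that defenders see when UNC paths are being posted into chats.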

Besides that, the Zoom app on Mac has two distinct loopholes, which can allow an attacker to gain access to the computer once exploited and install malware or spyware without letting users know about the backdoor entry. Apparently, this loophole comes via the installer for the app, which can easily be injected with malicious code. This flaw was spotted by researcher Patrick Wardle and was first reported by TechCrunch.

Another security researcher reiterated the same issue.

Wardle found another bug in the Mac client that could allow an attacker to inject malicious code to access the webcam and microphone of the system.

Take a deep breath, because that's not all!

Another report by Vice claims that Zoom has an issue that groups individuals into a particular 'Company Directory', a feature otherwise meant for users within the same company who share an email domain. Due to the issue, personal information of users, such as email address and photo, is reportedly exposed to unknown users.

Zoom responded to the report by saying that it had blacklisted the domains that were spamming users:

Zoom maintains a blacklist of domains and regularly proactively identifies domains to be added. With regards to the specific domains that you highlighted in your note, those are now blacklisted.

Zoom also says that it allows users to request other domains to be removed from the Company Directory feature.
