CVE-2022-28764 refers to a recently discovered local information exposure vulnerability affecting the Zoom Client for Meetings on Android, iOS, Linux, macOS, and Windows devices. This vulnerability is present in Zoom Client versions before 5.12.6, and could allow malicious local users to access sensitive meeting information, including in-meeting chat data from the previous meeting attended on the device. This post will discuss the details of the vulnerability, including how it works, what data is at risk, and how you can mitigate the issue.

Details of Vulnerability

The vulnerability CVE-2022-28764 exists due to a failure to properly clear data from a local SQL database after a Zoom meeting has concluded, combined with the use of an insufficiently secure per-device key to encrypt that database. As a result, a local user with malicious intent may be able to access sensitive meeting information, such as the in-meeting chat for the previous meeting attended on that local user account.

The following illustrative pseudocode sketches the vulnerability. The path, the key and the helper functions are placeholders, not Zoom's actual code:

// Local SQL database file storing meeting information
File localSQLDB = new File("path/to/Zoom/local/database");

// Insufficiently secure per-device key to encrypt the database
String encryptionKey = "WeakZoomDeviceKey";

// Try to access the content of the local SQL database
try {
    // Read and decrypt the content of the local SQL database
    String decryptedData = decrypt(localSQLDB, encryptionKey);

    // Extract the in-meeting chat for the previous meeting attended
    String inMeetingChat = extractChat(decryptedData);

    // Perform malicious actions with the exposed sensitive data
    saveToFile(inMeetingChat, "path/to/MaliciousOutput.txt");
} catch (Exception e) {
    System.err.println("Failed to exploit the vulnerability: " + e.getMessage());
}

Original references for this vulnerability are available at CVE Details and at the NIST National Vulnerability Database.

Exploit Details

An attacker needs physical access to the victim's device in order to exploit this vulnerability. By utilizing tools like custom scripts, the attacker can potentially gain access to local SQL databases and the encryption key, bypassing the intended protection mechanisms implemented by Zoom. Once the attacker has accessed the encrypted database and decrypted it using the weak per-device key, they can obtain sensitive meeting data, such as chat logs from the previous meeting attended by the user.

Mitigation

1. Update your Zoom Client for Meetings to version 5.12.6 or later, which is not susceptible to this vulnerability. The latest version of the Zoom Client can be downloaded from the Zoom Download Center.

2. Ensure that your device's physical security is maintained, and avoid leaving it unattended or accessible to unauthorized individuals.

3. Regularly monitor and update your device's software and security settings to protect against possible future vulnerabilities.
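
One way to apply step 1 across a device inventory, as an added example that is not from the original post or from Zoom: it flags hosts whose Zoom client is older than 5.12.6. The inventory rows, host names, build numbers and version-string formats are constructed assumptions; adapt the parser to whatever your asset tool reports.

```python
import re

# First fixed release according to the post above.
FIXED = (5, 12, 6)

def parse_version(raw):
    """Return (major, minor, patch) from strings such as '5.12.6 (11709)'
    or '5.9.6.4756'; return None when no version can be read."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", raw or "")
    return tuple(int(g) for g in m.groups()) if m else None

def triage(inventory):
    """Sort (host, platform, version_string) rows into three buckets."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for host, _platform, raw in inventory:
        ver = parse_version(raw)
        if ver is None:
            # Missing or unparseable data needs a manual check, not a pass.
            report["unknown"].append(host)
        elif ver < FIXED:
            # Numeric tuple comparison: 5.9.6 < 5.12.6 < 5.12.10.
            # Comparing the raw strings would get both of these wrong.
            report["vulnerable"].append(host)
        else:
            report["patched"].append(host)
    return report

# Constructed sample inventory (hypothetical hosts and build numbers).
INVENTORY = [
    ("lap-001", "windows", "5.12.2 (9281)"),
    ("lap-002", "macos",   "5.12.6 (11709)"),
    ("mob-003", "android", "5.9.6.4756"),
    ("lap-004", "linux",   "5.13.0 (599)"),
    ("lap-005", "windows", ""),
    ("mob-006", "ios",     "5.12.10"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" bucket should be treated as unpatched until their version is confirmed.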

Conclusion

CVE-2022-28764 is a serious vulnerability affecting the Zoom Client for Meetings on various platforms, but by promptly updating the application and following best practices for device security, users can minimize the risk of information exposure. Stay informed about security vulnerabilities and updates by regularly checking official sources and applying patches in a timely manner.

Timeline

Published on: 11/14/2022 21:15:00 UTC
Last modified on: 11/17/2022 22:03:00 UTC