Zoom patches XMPP vulnerability chain that could lead to remote code execution


Zoom users should update to version 5.10.0 to fix a number of security flaws discovered by Google Project Zero security researcher Ivan Fratric.

Fratric was able to find an attack chain that might lead to remote code execution by looking at how Zoom’s server and clients process XMPP messages differently due to the fact that they use separate XML parsing libraries. Read More…