{"id":48098,"date":"2022-08-22T06:20:10","date_gmt":"2022-08-22T06:20:10","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/zoom-patches-make-me-root-security-flaw-patches-patch\/"},"modified":"2022-08-22T06:20:10","modified_gmt":"2022-08-22T06:20:10","slug":"zoom-patches-make-me-root-security-flaw-patches-patch","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/zoom-patches-make-me-root-security-flaw-patches-patch\/","title":{"rendered":"Zoom patches make-me-root security flaw, patches patch"},"content":{"rendered":"<p><span class=\"label\">In brief<\/span> Zoom fixed a pair of privilege escalation vulnerabilities, which were detailed at the Black Hat conference this month, but that patch was bypassed, necessitating yet another fix.<\/p>\n<p>Patrick Wardle, cybersecurity researcher and founder of Objective-See, talked about <a href=\"https:\/\/speakerdeck.com\/patrickwardle\/youre-muted-rooted?slide=33\" rel=\"nofollow\">the two<\/a> macOS Zoom client vulnerabilities at Black Hat, both of which could be exploited a local unprivileged miscreant or rogue application to reliably escalate to root privileges.&nbsp;<\/p>\n<p>The two holes could be exploited together to, simply put, feed a malicious update to Zoom to install and run, which shouldn&#8217;t normally be allowed to happen.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YwNnPbGFCYS4GDNz9qBDbAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YwNnPbGFCYS4GDNz9qBDbAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Wardle <a href=\"https:\/\/twitter.com\/patrickwardle\/status\/1558642493272428544\" rel=\"nofollow\">gave Zoom credit<\/a> for issuing quick patches for the flaws, which the biz published individually on August <a href=\"https:\/\/explore.zoom.us\/en\/trust\/security\/security-bulletin\/?filter-cve=&amp;filter=&amp;keywords=22017\" rel=\"nofollow\">9<\/a> and <a href=\"https:\/\/explore.zoom.us\/en\/trust\/security\/security-bulletin\/?filter-cve=&amp;filter=&amp;keywords=22018\" rel=\"nofollow\">13<\/a>.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YwNnPbGFCYS4GDNz9qBDbAAAAJg&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YwNnPbGFCYS4GDNz9qBDbAAAAJg&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YwNnPbGFCYS4GDNz9qBDbAAAAJg&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YwNnPbGFCYS4GDNz9qBDbAAAAJg&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>But look at <a href=\"https:\/\/explore.zoom.us\/en\/trust\/security\/security-bulletin\/\" rel=\"nofollow\">Zoom&#8217;s recent<\/a> security bulletins, and it becomes quickly clear that something went wrong: five days later a <a href=\"https:\/\/explore.zoom.us\/en\/trust\/security\/security-bulletin\/?filter-cve=&amp;filter=&amp;keywords=22019\" rel=\"nofollow\">third patch<\/a> was released for the same problem.&nbsp;<\/p>\n<p>&#8220;Zoom&#8217;s patch was\u2026 incomplete, I managed to bypass it,&#8221; macOS security researcher and Offensive Security content developer Csaba Fitzl <a href=\"https:\/\/twitter.com\/theevilbit\/status\/1560123877086347264\" rel=\"nofollow\">tweeted<\/a>. Fitzl didn&#8217;t release any details of how he managed to bypass the patch, but Zoom credits him with reporting the third exploit.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YwNnPbGFCYS4GDNz9qBDbAAAAJg&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YwNnPbGFCYS4GDNz9qBDbAAAAJg&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Zoom users on macOS are encouraged to update their client immediately to version 5.11.6, unless running a version older than 5.7.3. If that latter case sounds like you, it may be a good idea to upgrade for <a href=\"https:\/\/www.theregister.com\/2022\/05\/24\/zoom_rce_bug_patched\/\">plenty<\/a> of <a href=\"https:\/\/www.theregister.com\/2021\/08\/02\/zoom_legal\/\">other<\/a> <a href=\"https:\/\/www.theregister.com\/2021\/11\/15\/positive_zoom_flaw\/\">concerns<\/a> with Zoom&#8217;s security that have come to light since it rose to prominence during the pandemic.&nbsp;<\/p>\n<h3 class=\"crosshead\"> <span>Test mobile apps for JavaScript injection<\/span><br \/>\n<\/h3>\n<p>Worried your mobile apps are injecting JavaScript tracking tools into websites you visit? There&#8217;s a (web) app for that.<\/p>\n<p>As <a href=\"https:\/\/www.theregister.com\/2022\/08\/12\/meta_ios_privacy\/\">recently reported<\/a> by <em>The Register<\/em>, the in-app browsers in the iOS versions of Facebook and Instagram were caught injecting JavaScript trackers into webpages users visit. Fastlane security shop founder Felix Krause, who initially reported the issue, has since published <a href=\"https:\/\/inappbrowser.com\/\" rel=\"nofollow\">a simple website<\/a> that can tell users visiting it from an in-app browser whether or not a tracker has been injected by the app.<\/p>\n<p>&#8220;After reading through the replies and direct messages [regarding reporting from <em>The Register<\/em> and other sources], I saw a common question across the community: how can I verify what apps do in their webviews,&#8221; he wrote.<\/p>\n<p>Meta&#8217;s JavaScript injection effectively bypasses Apple&#8217;s restrictions on app tracking, and while Meta claims it&#8217;s <a href=\"https:\/\/twitter.com\/andymstone\/status\/1557825414176940035\" rel=\"nofollow\">not modifying traffic<\/a> in any way, Krause said it&#8217;s still a privacy risk, with apps &#8220;able to track every single interaction with external websites, from all form inputs like passwords and addresses, to every single tap.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YwNnPbGFCYS4GDNz9qBDbAAAAJg&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YwNnPbGFCYS4GDNz9qBDbAAAAJg&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Worse yet, the behavior isn&#8217;t limited to Meta&#8217;s apps: per <a href=\"https:\/\/krausefx.com\/\" rel=\"nofollow\">Krause&#8217;s research<\/a>, Amazon and TikTok are also guilty of injecting JavaScript via their in-app browsers. Other untested apps may be as well.<\/p>\n<p>In TikTok&#8217;s case, the JavaScript it injects can monitor every keystroke (which would include passwords, credit card details, etc), what&#8217;s being tapped on the screen, and information about the elements users tap, within the in-app browser.&nbsp;TikTok said this monitoring was for debugging and performance-measuring purposes, and it&#8217;s <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/TikTokComms\/status\/1560709416030466048?\">not actually<\/a> collecting the info.<\/p>\n<p>Krause noted that his online tool may not detect all JavaScript injections, especially on newer versions of iOS. In 14.3, Apple added a form of sandboxing for JavaScript, &#8220;making it impossible for a website to verify what code is being executed,&#8221; Krause said.&nbsp;<\/p>\n<p>To find out if an app you use is injecting JavaScript into websites via its in-app browser, just navigate to <a href=\"https:\/\/inappbrowser.com\/\" rel=\"nofollow\">InAppBrowser.com<\/a> by DMing the link to yourself, posting or commenting it, and the tool <em>should<\/em> tell you if any scripts are running, malicious or not.<\/p>\n<h3 class=\"crosshead\"> <span>Researchers weaponize PLCs to attack OT networks<\/span><br \/>\n<\/h3>\n<p>Researchers with Claroty&#8217;s Team82 have demonstrated turning programmable logic controllers (PLCs) into network offensive tools.<\/p>\n<p>PLCs are a fundamental part of industrial and commercial operational technology (OT) that makes up factory floors, utility infrastructure, manufacturing facilities, and other heavy industry. Malware such as <a href=\"https:\/\/www.theregister.com\/2012\/06\/01\/stuxnet_joint_us_israeli_op\/\">Stuxnet<\/a>, which was used by America and Israel to damage Iran&#8217;s uranium-enrichment facilities, as well as <a href=\"https:\/\/www.theregister.com\/2022\/06\/28\/customized_malware_coded_to_target\/\">other modern threats<\/a> rely on internet-facing PLCs that lack proper protection.&nbsp;<\/p>\n<p>In previous cases, Team82 said in its <a href=\"https:\/\/claroty.com\/team82\/research\/evil-plc-attack-using-a-controller-as-predator-rather-than-prey\" rel=\"nofollow\">research report<\/a>, attacks involving PLCs were directly targeting the controllers. That&#8217;s not the case with their proof of concept, which they&#8217;ve named &#8220;Evil PLC Attack.&#8221;<\/p>\n<p>Evil PLC doesn&#8217;t attack the PLCs themselves at all: instead, it relies on vulnerabilities in engineering workstations that control them. By compromising a PLC with malicious code and triggering a fault, an engineer who downloads the PLC&#8217;s code to inspect can unwittingly compromises their own machine.&nbsp;The downloaded code relies on exploiting holes in software on the workstation.<\/p>\n<p>&#8220;We were able to find previously unreported vulnerabilities that allowed us to weaponize the affected PLCs and attack engineering workstations whenever an upload procedure occurred,&#8221; Team82 said.&nbsp;<\/p>\n<p>To make matters worse, seven of the most popular PLC makers \u2013 Rockwell Automation, Schneider Electric, GE, B&amp;R, XINJE, OVARRO and Emerson \u2013 were all found to be vulnerable. Team82 noted that all of the vulnerabilities it found were located in engineering workstation software made by those vendors, not the PLCs or their firmware.&nbsp;<\/p>\n<p>&#8220;In most cases, the vulnerabilities exist because the software fully trusted data coming from the PLC without performing extensive security checks,&#8221; Team82 said.&nbsp;<\/p>\n<p>While the vulnerabilities have largely been patched, Team82 warns that concerned organizations should focus just as much on protecting workstations as they do keeping vulnerable PLCs off the public internet.&nbsp;<\/p>\n<h3 class=\"crosshead\"> <span>Ransomware and BEC: A match made in the dark web<\/span><br \/>\n<\/h3>\n<p>Security researchers at Accenture have <a href=\"https:\/\/www.accenture.com\/us-en\/blogs\/security\/cybercriminals-weaponizing-leaked-ransomware-data\" rel=\"nofollow\">highlighted<\/a> the following point: the type of data being sold online after ransomware attacks is exactly the sort of stuff that&#8217;s ideal for launching business email compromise (BEC) attacks.&nbsp;<\/p>\n<p>BEC attacks involve compromising a legitimate business email account to use in scamming a company&#8217;s employees. Fake invoices, often with &#8220;new banking details,&#8221; are commonly used to trick staff into remitting massive payments, making BECs some of the <a href=\"https:\/\/www.theregister.com\/2022\/05\/05\/fbi_cyber_scams\/\">most popular and lucrative<\/a> cyber scams currently in circulation.<\/p>\n<p>According to Accenture, its team &#8220;found that the most disclosed data types overlap with the data types most useful for conducting BEC and [vendor email compromise] VEC attacks: financial, employee, and communication data, and operational documents.&#8221;&nbsp;<\/p>\n<p>One thing that has long held cyber criminals back from making greater use of data stolen during a ransomware attack, Accenture said, is the sheer volume of the data stolen. &#8220;The utility of dedicated leak site data has historically been limited by the difficulty of interacting with large quantities of poorly stored data,&#8221; the researchers said.&nbsp;<\/p>\n<p>New groups, however, are making that a problem of the past.&nbsp;<\/p>\n<p>The researchers pointed to at least two data leak sites that offer searchable indexed data on easily used, publicly-accessible sites, with individual records available for as little as a dollar. &#8220;Threat actors can search for specific files such as employee data, invoices, scans, contracts, legal documents [and] email messages,&#8221; as well as hunting for companies based on industry or location, Accenture said.&nbsp;<\/p>\n<p>Based on the types of data being stolen and sold, and the rise of indexed black data markets, Accenture said it &#8220;assesses that the primary factor driving an increased threat of BEC and VEC attacks \u2026 is the availability of data like that described above.&#8221;&nbsp;<\/p>\n<p>Let that be a warning to companies that have been victims of ransomware attacks: be aware of the signs of BEC, how to protect against it, and know that it could be a matter of time before you&#8217;re hit again. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2022\/08\/22\/in-brief-security\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Plus: See if in-app browsers are monitoring you, a novel industrial network attack technique, and more In brief\u00a0 Zoom fixed a pair of privilege escalation vulnerabilities, which were detailed at the Black Hat conference this month, but that patch was bypassed, necessitating yet another fix.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-48098","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Zoom patches make-me-root security flaw, patches patch 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/zoom-patches-make-me-root-security-flaw-patches-patch\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Zoom patches make-me-root security flaw, patches patch 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/zoom-patches-make-me-root-security-flaw-patches-patch\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-22T06:20:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YwNnPbGFCYS4GDNz9qBDbAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-patches-make-me-root-security-flaw-patches-patch\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-patches-make-me-root-security-flaw-patches-patch\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Zoom patches make-me-root security flaw, patches patch\",\"datePublished\":\"2022-08-22T06:20:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-patches-make-me-root-security-flaw-patches-patch\\\/\"},\"wordCount\":1280,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-patches-make-me-root-security-flaw-patches-patch\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YwNnPbGFCYS4GDNz9qBDbAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-patches-make-me-root-security-flaw-patches-patch\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-patches-make-me-root-security-flaw-patches-patch\\\/\",\"name\":\"Zoom patches make-me-root security flaw, patches patch 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-patches-make-me-root-security-flaw-patches-patch\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-patches-make-me-root-security-flaw-patches-patch\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YwNnPbGFCYS4GDNz9qBDbAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2022-08-22T06:20:10+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-patches-make-me-root-security-flaw-patches-patch\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-patches-make-me-root-security-flaw-patches-patch\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-patches-make-me-root-security-flaw-patches-patch\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YwNnPbGFCYS4GDNz9qBDbAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YwNnPbGFCYS4GDNz9qBDbAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/zoom-patches-make-me-root-security-flaw-patches-patch\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Zoom patches make-me-root security flaw, patches patch\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Zoom patches make-me-root security flaw, patches patch 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/zoom-patches-make-me-root-security-flaw-patches-patch\/","og_locale":"en_US","og_type":"article","og_title":"Zoom patches make-me-root security flaw, patches patch 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/zoom-patches-make-me-root-security-flaw-patches-patch\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-08-22T06:20:10+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YwNnPbGFCYS4GDNz9qBDbAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/zoom-patches-make-me-root-security-flaw-patches-patch\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/zoom-patches-make-me-root-security-flaw-patches-patch\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Zoom patches make-me-root security flaw, patches patch","datePublished":"2022-08-22T06:20:10+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/zoom-patches-make-me-root-security-flaw-patches-patch\/"},"wordCount":1280,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/zoom-patches-make-me-root-security-flaw-patches-patch\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YwNnPbGFCYS4GDNz9qBDbAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/zoom-patches-make-me-root-security-flaw-patches-patch\/","url":"https:\/\/www.threatshub.org\/blog\/zoom-patches-make-me-root-security-flaw-patches-patch\/","name":"Zoom patches make-me-root security flaw, patches patch 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/zoom-patches-make-me-root-security-flaw-patches-patch\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/zoom-patches-make-me-root-security-flaw-patches-patch\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YwNnPbGFCYS4GDNz9qBDbAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2022-08-22T06:20:10+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/zoom-patches-make-me-root-security-flaw-patches-patch\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/zoom-patches-make-me-root-security-flaw-patches-patch\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/zoom-patches-make-me-root-security-flaw-patches-patch\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YwNnPbGFCYS4GDNz9qBDbAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YwNnPbGFCYS4GDNz9qBDbAAAAJg&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/zoom-patches-make-me-root-security-flaw-patches-patch\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Zoom patches make-me-root security flaw, patches patch"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48098","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=48098"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48098\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=48098"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=48098"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=48098"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}