Menlo Security | Jul 10, 2019
If you have been following the news, you probably noticed that the Internet is abuzz about the latest vulnerability in Zoom. The attack was identified by Jonathan Leitschuh, a security researcher who has detailed the vulnerability and has provided a PoC to reproduce the attack in this blog post. I would highly recommend that everyone give it a read and take the necessary actions per your company policy.
Browsers have been, and will remain, one of the most important vectors for an attacker to launch an attack. Over the years the browser has transformed from a tool used just for Internet browsing into a platform capable of running applications and other advanced technologies. Attackers are continuously assessing platforms for vulnerabilities. In 2018 and early 2019, we saw IE and Chrome zero days being used by attackers in the wild, and now it’s Zoom’s turn.
The vulnerability is in how Zoom launches a meeting. The meeting is launched via the website interacting with a local web server, which then launches a desktop application. This bypasses all the sandbox functionality built into the browser.
When a user installs the Zoom application, it installs a local web server on the endpoint. The local web server has an API that accepts commands. An attacker can host a malicious website that can issue a GET request to the Zoom web server running on localhost. An attacker can then pass commands to:
When a user accesses a malicious website through isolation, all the resources loaded by the malicious website are loaded by the Menlo cloud browser, in disposable virtual containers that cannot communicate with localhost on the user’s machine. Malicious code never reaches the endpoint and malicious GET requests triggered by tags such as “img” are not issued by the client browser, preventing the malicious site from reaching the Zoom web server on the endpoint. The website may make requests in our secure containers to localhost, but it will not find any server running on that port, thereby preventing this attack.
Attackers go after popular platforms. Zoom is a very popular video conferencing application and it wouldn’t be surprising if the PoC that is published by the security researcher starts getting used by attackers for nefarious reasons. While Menlo Security’s isolation product protects against this attack, we recommend that security admins update their Zoom apps immediately.
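As an added example (not code from Zoom, the researcher, or Menlo Security), here is one way a localhost helper service like the one described above could refuse requests that a web page triggers on its own. The port, trusted origin, header name and token are hypothetical placeholders, and the token is assumed to be provisioned out of band.

```python
import hmac

# Hypothetical placeholders; none of these values come from the article.
HELPER_PORT = 49152
TRUSTED_ORIGINS = {"https://meetings.example.com"}
ALLOWED_HOSTS = {f"127.0.0.1:{HELPER_PORT}", f"localhost:{HELPER_PORT}"}
TOKEN_HEADER = "x-helper-token"


def gate(method, headers, expected_token):
    """Decide whether a request to the loopback helper may run a command.

    Returns (allowed, reason); reason names the first check that failed.
    """
    h = {k.lower(): v for k, v in headers.items()}

    # Host must name the loopback listener, which defeats DNS rebinding.
    if h.get("host", "").lower() not in ALLOWED_HOSTS:
        return False, "host"
    # Tags such as <img> can only issue GET, so commands never ride on GET.
    if method.upper() != "POST":
        return False, "method"
    # Browsers attach Origin to cross-origin POSTs; it must be a trusted site.
    if h.get("origin") not in TRUSTED_ORIGINS:
        return False, "origin"
    # A custom header forces a CORS preflight, and the secret (assumed to be
    # provisioned out of band) is unknown to an arbitrary web page.
    supplied = h.get(TOKEN_HEADER, "")
    if not hmac.compare_digest(supplied.encode(), expected_token.encode()):
        return False, "token"
    return True, "ok"


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("GET", {"Host": "localhost:49152", "Referer": "https://attacker.example/"}),
    ("POST", {"Host": "localhost:49152", "Origin": "https://attacker.example"}),
    ("POST", {"Host": "attacker.example:49152",
              "Origin": "https://meetings.example.com"}),
    ("POST", {"Host": "127.0.0.1:49152", "Origin": "https://meetings.example.com",
              "X-Helper-Token": "constructed-secret"}),
]

if __name__ == "__main__":
    for method, headers in SAMPLES:
        print(method, headers.get("Host"), gate(method, headers, "constructed-secret"))
```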
Tagged with Isolation, Vulnerabilities