CVE-2021-28133

Name of the Vulnerable Software and Affected Versions: Zoom versions through 5.5.4

Description: The issue allows attackers to read private information on a participant's screen, even if the participant never attempted to share the private part of their screen. When a user shares a specific application window via the Share Screen functionality, other meeting participants can briefly see contents of other application windows that were explicitly not shared. The contents of these other windows can be seen for a short period of time when they overlay the shared window and get into focus. An attacker can use a separate screen-recorder application to save all such contents for later replays and analysis. Depending on the unintentionally shared data, this short exposure of screen contents may be a more or less severe security issue.

Recommendations: For Zoom versions through 5.5.4, as a temporary workaround, consider disabling the Share Screen functionality until a patch is available. Restrict access to sensitive information when sharing application windows to minimize the risk of exploitation. Avoid using the Share Screen feature for sensitive applications until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.