Israeli security firm Check Point has worked with Zoom to fix an issue with Zoom vanity URLs.
Vanity URLs give companies a way to add their branding to their Zoom URLs. Companies could even add a customized website to the service. Unfortunately for Zoom, the vanity URLs had a serious security flaws.
According to Check Point’s research, “an attacker could have attempted to impersonate an organization’s Vanity URL link and send invitations which appeared to be legitimate to trick a victim. In addition, the attacker could have directed the victim to a sub-domain dedicated website, where the victim entered the relevant meeting ID and would not be made aware that the invitation did not come from the legitimate organization.”
This is just the latest in a long string of Zoom security issues that have come to the surface as the platform has gained in popularity. Zoom has been working to close the holes and improve security all around.
According to Check Point, the vanity URL vulnerabilities “were responsibly disclosed to Zoom Video Communications, Inc. as part of our ongoing partnership and cooperation. This security issue has been fixed by Zoom, so the exploits described are no longer possible.”