CVE-2019-13567: The client zooms in on 4.4.53932.0709 under macOS allows you to run the remote code, a different security vulnerability than CVE-2019-13450. If the ZoomOpener demon (also called a hidden web server) is running, but the Zoom client is not installed or cannot be opened, an attacker can run the code remotely with a maliciously created startup URL. NOTE: ZoomOpener is removed from the Apple Malware Removal Tool (MRI) when activated and has the MRTConfigData 2019-07-10. Zoom provides remote conference services that combine video conferencing, online meetings, chat and mobile cooperation. When using Zoom, health care providers indicate Protected Health Information (PHI) for Shared Use. Zoom, because it performs functions involving the use or disclosure of protected health information (PHI) of a covered company, is considered a business partner of that covered company. CVE-2019-13450: On Customer Zoom via 4.4.4 and RingCentral 7.0.136380.0312 under macOS, remote attackers can force a user to participate in a video call with the active video camera. This is due to the fact that any site can interact with the web server zoom on the localhost port 19421 or 19424. NOTE: A computer remains vulnerable when the Zoom client has been installed in the past and then uninstalled. Blocking use requires additional steps. B, such as ordering ZDisableVideo and/or deleting the web server, deleting the .zoomus directory and creating a simple file.
CVE-2014-5811: The ZOOM Cloud Meetings (aka us.zoom.videomeetings) application @7F060008 for Android does not check X.509 certificates on SSL servers, allowing man-in-the-Middle attackers to falsify servers and obtain confidential information about a designed certificate. In accordance with HIPAA`s data protection rule, a health care provider must receive satisfactory assurances from its counterpart that the counterparty adequately protects the protected health information it receives or creates on behalf of the insured company. How does this relate to HIPAA? Protected health information includes electronically protected health information (ePHI) which consists of all protected health information (PHI) that is created, stored, transmitted or received in any format or electronic medium, such as. B HIPAA compliant phone calls. Because Zoom is a cloud-based video and web conferencing platform, it allows people from different locations to attend meetings, disclose documents and cooperate seamlessly. The platform supports webinars and has an IM business function that offers much of the same functionality as Skype. Focus for Telehealth allows businesses and providers to easily communicate with patients, healthcare teams and other organizations in accordance with HIPAA. The service integrates authentication and access commands and uses end-to-end AES-256 bit encryption to secure all communication. This year, Zoom announced its partnership with a global telehealth integrator and the platform has been improved to support comprehensive occupational health processes. The short answer is „yes.“ Zoom`s business plan provides encryption at the end and meeting access commands, so that data cannot be intercepted during transmission.