XMPP is a popular instant messaging protocol based on XML that is used in messengers, online games and other applications.
This talk will introduce a new way of attacking XMPP client software: XMPP stanza smuggling. More specifically, it will show how seemingly subtle quirks in XML parsing can be exploited to "smuggle" attacker-controlled XMPP control messages to the victim client and how the design of the XMPP protocol makes it especially susceptible to such issues. It will be demonstrated how such issues led to 0-click remote code execution in the Zoom client.
Presented by Ivan Fratric
Full Abstract and Presentation Materials: www.blackhat.c...
16 ноя 2022
