Zoom recently disclosed multiple vulnerabilities affecting its suite of applications, including a critical flaw that could allow attackers to execute remote code.
The Zoom app vulnerabilities, identified by CVE numbers, range from medium to high severity and impact various Zoom products across multiple platforms.
Critical Vulnerabilities
The most severe vulnerability, CVE-2024-45421, is a buffer overflow issue with a high CVSS score of 8.5. This flaw could allow an authenticated user to escalate privileges via network access, potentially leading to remote code execution.
The vulnerability affects a wide range of Zoom products, including the Workplace App, Rooms Client, Video SDK, and Meeting SDK across Windows, macOS, iOS, Android, and Linux platforms.
Another high-severity vulnerability, CVE-2024-45419, involves improper input validation. With a CVSS score of 8.1, this flaw could enable an unauthenticated user to disclose sensitive information through network access.
Free Ultimate Continuous Security Monitoring Guide - Download Here (PDF)
Several other vulnerabilities were also disclosed:-
- CVE-2024-45422: An improper input validation issue that could lead to denial of service attacks.
- CVE-2024-45420: Uncontrolled resource consumption vulnerability potentially causing denial of service.
- CVE-2024-45418: A symbolic link following vulnerability in macOS installers.
- CVE-2024-45417: Uncontrolled resource consumption in macOS installers that could lead to information disclosure.
While the vulnerabilities impact a broad spectrum of Zoom products, which includes:-
- Zoom Workplace App
- Zoom Rooms Client and Controller
- Zoom Video SDK
- Zoom Meeting SDK
These issues affect most products’ versions prior to 6.2.0, with some macOS-specific vulnerabilities present in versions before 6.1.5.
Zoom has urged users to update their applications to the latest versions available at zoom[.]us/download. By applying these updates, users can protect themselves against potential exploits targeting these vulnerabilities.
The disclosure of these vulnerabilities highlights the importance of prompt patching and regular software updates in maintaining cybersecurity.
As Zoom continues to be a critical tool for remote communication and collaboration, addressing these security issues is crucial for protecting user data and ensuring the integrity of virtual meetings and communications.
Attend a Free Webinar on How to Maximize Cybersecurity Program ROI