Zoom Video Communications has disclosed several critical vulnerabilities affecting its Workplace Apps, SDKs, and Rooms Clients. These vulnerabilities, identified in multiple security bulletins, potentially allow attackers to escalate privileges on affected systems.
The vulnerabilities highlight significant risks for users across various platforms, including Windows, macOS, Linux, iOS, and Android.
CVE-2024-39825 & CVE-2024-39818 are particularly concerning among the disclosed vulnerabilities, with a high CVSS score of 8.5. An authenticated user can exploit this buffer overflow vulnerability to escalate privileges through network access.
CVE-2024-39818 vulnerability involves a protection mechanism failure in some Zoom Workplace Apps and SDKs, which could allow an authenticated user to disclose information via network access.
The affected products include the Zoom Workplace Desktop Apps and Zoom Rooms Clients across all major operating systems, with versions prior to 6.0.0 being vulnerable.
Free Webinar on Detecting & Blocking Supply Chain Attack -> Book your Spot
Another notable vulnerability, CVE-2024-42441, affects the Zoom Workplace Desktop App and Meeting SDK for macOS. This flaw in improper privilege management allows attackers to gain elevated access, potentially compromising sensitive data or disrupting operations.
Similarly, CVE-2024-42443, affecting the Linux platform, involves improper input validation, posing a medium-level threat.
Zoom has urged users to update their applications to the latest versions to mitigate these risks. The company has released patches addressing these vulnerabilities, emphasizing the importance of maintaining updated software to protect against potential exploits.
Users can download the latest updates from Zoom’s official website to ensure their systems are secure.
The vulnerabilities underscore the ongoing challenges in securing widely-used communication platforms like Zoom, which have become integral to business and personal communications worldwide.
In response to these vulnerabilities, cybersecurity experts recommend not only updating to the latest software versions but also implementing additional security measures such as network segmentation and restricting unnecessary network access.
Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Acces