Zoom Fixes Critical Vulnerabilities Allowing Privilege Escalation

Zoom Video Communications has recently disclosed several critical vulnerabilities affecting its Workplace Apps, SDKs, and Rooms Clients.

These vulnerabilities, identified in multiple security bulletins, pose significant risks, potentially allowing attackers to escalate privileges on affected systems.

The issues impact users across various platforms, including Windows, macOS, Linux, iOS, and Android.

High-Risk Vulnerabilities Identified

Among the disclosed vulnerabilities, CVE-2024-39825 and CVE-2024-39818 stand out due to their high Common Vulnerability Scoring System (CVSS) score of 8.5.

These vulnerabilities involve a buffer overflow issue that an authenticated user can exploit to escalate privileges through network access.

Specifically, CVE-2024-39818 involves a protection mechanism failure in some Zoom Workplace Apps and SDKs, allowing an authenticated user to disclose information via network access.

The affected products include the Zoom Workplace Desktop Apps and Zoom Rooms Clients across all major operating systems, with versions before 6.0.0 being vulnerable. Users are urged to update their applications to mitigate these risks.

Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Access

Additional Vulnerabilities and Their Impact

Another notable vulnerability, CVE-2024-42441, affects the Zoom Workplace Desktop App and Meeting SDK for macOS.

This flaw in improper privilege management allows attackers to gain elevated access, potentially compromising sensitive data or disrupting operations.

Similarly, CVE-2024-42443, affecting the Linux platform, involves improper input validation, posing a medium-level threat.

Zoom has responded by releasing patches addressing these vulnerabilities and has emphasized the importance of maintaining updated software to protect against potential exploits.

Users can download the latest updates from Zoom’s official website to ensure their systems are secure.

Recommendations and Ongoing Challenges

The vulnerabilities underscore the ongoing challenges in securing widely-used communication platforms like Zoom, which have become integral to business and personal communications worldwide.

In response to these vulnerabilities, cybersecurity experts recommend updating to the latest software versions and implementing additional security measures.

These measures include network segmentation and restricting unnecessary network access to protect against potential threats. As communication platforms continue to evolve, maintaining robust security practices remains crucial.

Zoom’s proactive approach to addressing these vulnerabilities highlights the importance of vigilance and timely updates in safeguarding digital communication tools.

Users are encouraged to stay informed about security updates and to apply them promptly to minimize risks associated with cyber threats.

Download Free Cybersecurity Planning Checklist for SME Leaders (PDF) – Free Download