Saturday, September 7, 2024
HomeCVE/vulnerabilityZoom Fixes Critical Vulnerabilities Allowing Privilege Escalation

Zoom Fixes Critical Vulnerabilities Allowing Privilege Escalation

Published on

Zoom Video Communications has recently disclosed several critical vulnerabilities affecting its Workplace Apps, SDKs, and Rooms Clients.

These vulnerabilities, identified in multiple security bulletins, pose significant risks, potentially allowing attackers to escalate privileges on affected systems.

The issues impact users across various platforms, including Windows, macOS, Linux, iOS, and Android.

- Advertisement - EHA

High-Risk Vulnerabilities Identified

Among the disclosed vulnerabilities, CVE-2024-39825 and CVE-2024-39818 stand out due to their high Common Vulnerability Scoring System (CVSS) score of 8.5.

These vulnerabilities involve a buffer overflow issue that an authenticated user can exploit to escalate privileges through network access.

Specifically, CVE-2024-39818 involves a protection mechanism failure in some Zoom Workplace Apps and SDKs, allowing an authenticated user to disclose information via network access.

The affected products include the Zoom Workplace Desktop Apps and Zoom Rooms Clients across all major operating systems, with versions before 6.0.0 being vulnerable. Users are urged to update their applications to mitigate these risks.

Are you from SOC and DFIR Teams? Analyse Malware Incidents & get live Access with ANY.RUN -> Get 14 Days Free Access

Additional Vulnerabilities and Their Impact

Another notable vulnerability, CVE-2024-42441, affects the Zoom Workplace Desktop App and Meeting SDK for macOS.

This flaw in improper privilege management allows attackers to gain elevated access, potentially compromising sensitive data or disrupting operations.

Similarly, CVE-2024-42443, affecting the Linux platform, involves improper input validation, posing a medium-level threat.

Zoom has responded by releasing patches addressing these vulnerabilities and has emphasized the importance of maintaining updated software to protect against potential exploits.

Users can download the latest updates from Zoom’s official website to ensure their systems are secure.

Recommendations and Ongoing Challenges

The vulnerabilities underscore the ongoing challenges in securing widely-used communication platforms like Zoom, which have become integral to business and personal communications worldwide.

In response to these vulnerabilities, cybersecurity experts recommend updating to the latest software versions and implementing additional security measures.

These measures include network segmentation and restricting unnecessary network access to protect against potential threats. As communication platforms continue to evolve, maintaining robust security practices remains crucial.

Zoom’s proactive approach to addressing these vulnerabilities highlights the importance of vigilance and timely updates in safeguarding digital communication tools.

Users are encouraged to stay informed about security updates and to apply them promptly to minimize risks associated with cyber threats.

Download Free Cybersecurity Planning Checklist for SME Leaders (PDF) – Free Download

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

NoiseAttack is a Novel Backdoor That Uses Power Spectral Density For Evasion

NoiseAttack is a new method of secretly attacking deep learning models. It uses triggers...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...