Tuesday, December 3, 2024

Zoom Fixes Critical Vulnerabilities Allowing Privilege Escalation


Zoom Video Communications has recently disclosed several critical vulnerabilities affecting its Workplace Apps, SDKs, and Rooms Clients.

These vulnerabilities, identified in multiple security bulletins, pose significant risks, potentially allowing attackers to escalate privileges on affected systems.

The issues impact users across various platforms, including Windows, macOS, Linux, iOS, and Android.


High-Risk Vulnerabilities Identified

Among the disclosed vulnerabilities, CVE-2024-39825 and CVE-2024-39818 stand out due to their high Common Vulnerability Scoring System (CVSS) score of 8.5.

These vulnerabilities involve a buffer overflow issue that an authenticated user can exploit to escalate privileges through network access.

Specifically, CVE-2024-39818 involves a protection mechanism failure in some Zoom Workplace Apps and SDKs, allowing an authenticated user to disclose information via network access.

The affected products include the Zoom Workplace Desktop Apps and Zoom Rooms Clients across all major operating systems, with versions before 6.0.0 being vulnerable. Users are urged to update their applications to mitigate these risks.
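A fleet check against the 6.0.0 threshold stated above, as an added example that is not code from Zoom or from this article. The inventory layout, host names and version string shapes are constructed assumptions; only the fixed version comes from the text.

```python
import csv
import io
import re

# Fixed version stated in the article: releases before 6.0.0 are vulnerable.
FIXED = (6, 0, 0)

# Constructed inventory export (host, product, reported version). The CSV
# layout and the version string shapes are assumptions for illustration.
SAMPLE_INVENTORY = """\
host,product,version
ws-001,Zoom Workplace Desktop App,5.17.11 (34827)
ws-002,Zoom Workplace Desktop App,6.0.0 (37205)
mac-014,Zoom Workplace Desktop App,5.9.6
lnx-203,Zoom Workplace Desktop App,6.1.10.1400
room-07,Zoom Rooms Client,5.17.5 (4000)
ws-090,Zoom Workplace Desktop App,unknown
"""

def parse_version(text):
    """Return the leading major.minor.patch as a tuple of ints, or None."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    # Integer tuples compare numerically, so 5.17 sorts above 5.9,
    # which a plain string comparison would get wrong.
    return tuple(int(g) if g else 0 for g in m.groups())

def audit(inventory_csv, fixed=FIXED):
    """Map each host to 'vulnerable', 'patched' or 'unparsed'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        ver = parse_version(row["version"])
        if ver is None:
            status = "unparsed"    # needs manual review; never assume safe
        elif ver < fixed:
            status = "vulnerable"  # below the fixed release, schedule update
        else:
            status = "patched"
        results[row["host"]] = status
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unparsed` should be followed up by hand rather than counted as compliant.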


Additional Vulnerabilities and Their Impact

Another notable vulnerability, CVE-2024-42441, affects the Zoom Workplace Desktop App and Meeting SDK for macOS.

This improper privilege management flaw allows attackers to gain elevated access, potentially compromising sensitive data or disrupting operations.

Similarly, CVE-2024-42443, affecting the Linux platform, involves improper input validation, posing a medium-level threat.

Zoom has responded by releasing patches addressing these vulnerabilities and has emphasized the importance of maintaining updated software to protect against potential exploits.

Users can download the latest updates from Zoom’s official website to ensure their systems are secure.

Recommendations and Ongoing Challenges

The vulnerabilities underscore the ongoing challenges in securing widely used communication platforms like Zoom, which have become integral to business and personal communications worldwide.

In response to these vulnerabilities, cybersecurity experts recommend updating to the latest software versions and implementing additional security measures.

These measures include network segmentation and restricting unnecessary network access to protect against potential threats. As communication platforms continue to evolve, maintaining robust security practices remains crucial.

Zoom’s proactive approach to addressing these vulnerabilities highlights the importance of vigilance and timely updates in safeguarding digital communication tools.

Users are encouraged to stay informed about security updates and to apply them promptly to minimize risks associated with cyber threats.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
