The vulnerabilities highlight significant risks for users across various platforms, including Windows, macOS, Linux, iOS, and Android.
Zoom Video Communications has disclosed several critical vulnerabilities affecting its Workplace Apps, SDKs, and Rooms Clients. These vulnerabilities, identified in multiple security bulletins, potentially allow attackers to escalate privileges on affected systems.
Among the disclosed vulnerabilities, CVE-2024-39825 and CVE-2024-39818 are particularly concerning, with a high CVSS score of 8.5. CVE-2024-39825 is a buffer overflow that an authenticated user can exploit to escalate privileges through network access.
CVE-2024-39818 involves a protection mechanism failure in some Zoom Workplace Apps and SDKs, which could allow an authenticated user to disclose information via network access.
The affected products include the Zoom Workplace Desktop Apps and Zoom Rooms Clients across all major operating systems, with versions prior to 6.0.0 being vulnerable.
Another notable vulnerability, CVE-2024-42441, affects the Zoom Workplace Desktop App and Meeting SDK for macOS. This improper privilege management flaw allows attackers to gain elevated access, potentially compromising sensitive data or disrupting operations.
Similarly, CVE-2024-42443, affecting the Linux platform, involves improper input validation, posing a medium-level threat.
Zoom has urged users to update their applications to the latest versions to mitigate these risks. The company has released patches addressing these vulnerabilities, emphasizing the importance of maintaining updated software to protect against potential exploits.
(https://cybersecuritynews.com/)