Security Alerts blog

Google Project Zero Detects Vulnerabilities in Zoom

Security experts from Google Project Zero detected two vulnerabilities in the video conferencing application Zoom that heavily expose users to attacks. These vulnerabilities affect Zoom clients on Windows, macOS, Linux, iOS and Android.

The impact 

The first vulnerability, tracked as CVE-2021-34423, is a buffer overflow vulnerability that was given a CVSS base score of 7.3.

The second flaw, tracked as CVE-2021-34424, is related to a memory corruption issue and received a CVSS base score of 7.3.

Affected Zoom products: 

  • Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4 
  • Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1 
  • Zoom Client for Meetings for Intune (for Android and iOS) before version 5.8.4
  • Zoom Client for Meetings for Chrome OS before version 5.0.1 
  • Zoom Rooms for Conference Room (for Android, AndroidBali, macOS and Windows) before version 5.8.3 
  • Controllers for Zoom Rooms (for Android, iOS and Windows) before version 5.8.3 
  • Zoom VDI before version 5.8.4 
  • Zoom Meeting SDK for Android before version 5.7.6.1922 
  • Zoom Meeting SDK for iOS before version 5.7.6.1082 
  • Zoom Meeting SDK for macOS before version 5.7.6.1340 
  • Zoom Meeting SDK for Windows before version 5.7.6.1081 
  • Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2 
  • Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115 
  • Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115 
  • Zoom On-Premise Recording Connector before version 5.1.0.65.20211116 
  • Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117 
  • Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117 
  • Zoom Hybrid Zproxy before version 1.0.1058.20211116 
  • Zoom Hybrid MMR before version 4.6.20211116.131_x86-64 

The remediation 

Remediations for vulnerabilities in Zoom have not been released yet. Therefore, the best course is always to update the app to the latest version.
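To find installations that are still below the versions in the affected-products list, compare versions numerically, because a plain string comparison would rank 5.10.0 below 5.8.4. The following Python is an added example, not code from Zoom or from the original post; the inventory rows, hostnames and function names are constructed, and only a subset of the listed products is included.

```python
import re

# Fixed-version thresholds copied from the "Affected Zoom products" list above
# (a subset; extend with the remaining rows as needed).
FIXED = {
    "Zoom Client for Meetings": "5.8.4",
    "Zoom Client for Meetings for Chrome OS": "5.0.1",
    "Zoom Rooms for Conference Room": "5.8.3",
    "Zoom VDI": "5.8.4",
    "Zoom Meeting SDK for Windows": "5.7.6.1081",
    "Zoom On-Premise Meeting Connector MMR": "4.8.12.20211115",
    "Zoom Hybrid MMR": "4.6.20211116.131_x86-64",
}

def parse_version(text):
    """Turn '5.8.3 (2240)' or '4.6.20211116.131_x86-64' into a tuple of ints."""
    head = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not head:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in head.group(1).split("."))

def is_affected(product, installed):
    """True if installed is before the fixed version; None for unknown products."""
    if product not in FIXED:
        return None
    a, b = parse_version(installed), parse_version(FIXED[product])
    width = max(len(a), len(b))
    pad = lambda v: v + (0,) * (width - len(v))  # treat 5.8 as 5.8.0
    return pad(a) < pad(b)

def audit(inventory):
    """Return (host, product, installed, fixed) for every row that needs an update."""
    findings = []
    for host, product, installed in inventory:
        if is_affected(product, installed):
            findings.append((host, product, installed, FIXED[product]))
    return findings

# Constructed inventory rows (hostnames and installed versions are made up).
INVENTORY = [
    ("laptop-01", "Zoom Client for Meetings", "5.8.3"),
    ("laptop-02", "Zoom Client for Meetings", "5.10.0"),   # 10 > 8: not affected
    ("room-07", "Zoom Rooms for Conference Room", "5.8"),  # 5.8.0 < 5.8.3
    ("vdi-03", "Zoom VDI", "5.8.4"),
    ("mmr-01", "Zoom Hybrid MMR", "4.6.20211012.98_x86-64"),
    ("kiosk-09", "Some Other App", "1.0"),                 # not in the list
]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print("%s: %s %s is before fixed version %s" % row)
```

Products that are not in the table return `None` rather than `False`, so unrecognised inventory entries can be reviewed separately instead of being reported as safe.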

Source: Security Affairs

Published by
Risk Crew
