Zoom Customers Advised to Update Software to Fix Security Vulnerabilities

Zoom, a popular video conferencing platform, has released security updates to fix three vulnerabilities that could allow attackers to take control of a user’s account or system.

Zoom Vulnerabilities

The first vulnerability, CVE-2023-39215 (CVSS score of 7.1), is an improper authentication issue. An authenticated attacker could exploit this vulnerability to conduct a denial of service (DoS) attack against a Zoom meeting. It affects the Zoom Desktop Clients for Windows, macOS, and Linux, the Zoom VDI Client, the Zoom Mobile Apps for Android and iOS, and the Zoom Meeting SDKs.

The second vulnerability, CVE-2023-39208 (CVSS score of 6.5), is an improper input validation issue that affects the Zoom Desktop Client for Linux prior to version 5.15.10. An unauthenticated attacker could exploit this vulnerability to conduct a DoS attack against the Zoom client.

The third vulnerability, CVE-2023-39201 (CVSS score of 7.2), is an untrusted search path issue that affects CleanZoom, a tool that is used to remove Zoom recordings from a user’s system. A privileged user could exploit this vulnerability to escalate their privileges on the system. If you’re using CleanZoom dated before 07/24/2023, you’re in the danger zone.

Zoom has released patches for all of these vulnerabilities. Users are advised to update their Zoom software as soon as possible to protect themselves from these attacks.

To stay safe from these vulnerabilities, users should:

  • Update their Zoom software to the latest version.
  • Be careful about opening links and attachments from untrusted sources.
  • Use a strong password for their Zoom account.
  • Enable two-factor authentication for their Zoom account.

By following these simple steps, users can help to protect themselves from these security vulnerabilities.
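
As an added example (not Zoom's tooling and not code from the original article), the following Python script checks an inventory against the two thresholds the article states: Zoom Desktop Client for Linux prior to 5.15.10, and CleanZoom dated before 07/24/2023. The inventory line format, host names, and field names are assumptions made for illustration; CVE-2023-39215 is not checked because the article gives no fixed version for it.

```python
from datetime import date

# Thresholds taken from the article text only.
LINUX_FIXED = (5, 15, 10)            # CVE-2023-39208: Linux client prior to 5.15.10
CLEANZOOM_FIXED = date(2023, 7, 24)  # CVE-2023-39201: CleanZoom dated before 07/24/2023

def parse_version(text):
    """Turn '5.15.7.1234' or '5.15.10 (6882)' into a comparable (major, minor, patch) tuple."""
    core = text.strip().split()[0]
    parts = core.split(".")[:3]
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts)

def audit(record):
    """Return the CVE ids from the article that apply to one inventory record."""
    product, platform, value = record["product"], record["platform"], record["value"]
    if product == "desktop-client" and platform == "linux":
        # Numeric tuple comparison: as plain strings, '5.9.3' would sort above '5.15.10'.
        return ["CVE-2023-39208"] if parse_version(value) < LINUX_FIXED else []
    if product == "cleanzoom":
        return ["CVE-2023-39201"] if date.fromisoformat(value) < CLEANZOOM_FIXED else []
    return []

def audit_inventory(lines):
    """Parse 'host,product,platform,value' lines; map host -> findings."""
    results = {}
    for line in lines:
        host, product, platform, value = [f.strip() for f in line.split(",")]
        try:
            results[host] = audit({"product": product, "platform": platform, "value": value})
        except ValueError:
            results[host] = ["unparsed"]  # never treat unreadable data as patched
    return results

# Constructed sample inventory (hypothetical hosts and format, not real data).
SAMPLE = [
    "lab-01,desktop-client,linux,5.15.7.1234",
    "lab-02,desktop-client,linux,5.15.10 (6882)",
    "lab-03,desktop-client,linux,5.9.3",
    "ops-01,cleanzoom,windows,2023-06-30",
    "ops-02,cleanzoom,windows,2023-07-24",
    "lab-04,desktop-client,linux,unknown",
]

if __name__ == "__main__":
    for host, findings in audit_inventory(SAMPLE).items():
        print(host, findings or "ok")
```

Hosts reported as `unparsed` need a manual check rather than being counted as updated.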