Zoom Issues Security Update Addressing Vulnerabilities in Workplace and SDK Apps
Zoom Video Communications has issued a security bulletin addressing multiple vulnerabilities affecting its Workplace Apps, SDKs, and Rooms Clients across various platforms. These flaws could allow attackers to escalate privileges, disclose sensitive information, and even execute arbitrary code.
The most severe vulnerability, CVE-2024-45421 (CVSS 8.5), is a buffer overflow issue that could allow an authenticated user to gain elevated privileges via network access. This vulnerability impacts Zoom Workplace App, Zoom Rooms Client, Zoom Video SDK, and Zoom Meeting SDK for Windows, macOS, iOS, Android, and Linux before version 6.2.0.
Another high-severity vulnerability, CVE-2024-45419 (CVSS 8.1), involves improper input validation. This flaw could enable an unauthenticated attacker to obtain sensitive information via network access. It affects the same range of Zoom products as CVE-2024-45421.
The security bulletin also details several other vulnerabilities, including:
- CVE-2024-45422 (CVSS 6.5): Zoom Apps – Improper Input Validation
- CVE-2024-45420 (CVSS 4.3): Zoom Apps – Uncontrolled Resource Consumption
- CVE-2024-45418 (CVSS 5.4): Zoom Apps for macOS – Symbolic Link Following
- CVE-2024-45417 (CVSS 6.0): Zoom Apps for macOS – Uncontrolled Resource Consumption
Zoom urges all users to update their applications to version 6.2.0 or later immediately. This update includes patches for all identified vulnerabilities and is crucial for mitigating the risk of potential attacks.
Users can download the latest versions of Zoom applications from the official Zoom website.