
Zoom Found Critical Vulnerabilities Let Attackers Escalate Privileges ! Update Now

Zoom Video Communications has disclosed several critical vulnerabilities affecting its Workplace Apps, SDKs, and Rooms Clients. These vulnerabilities, documented in separate security bulletins, could allow attackers to escalate privileges on affected systems.

The vulnerabilities pose significant risks for users across multiple platforms, including Windows, macOS, Linux, iOS, and Android.

What do we discuss in this article?

Zoom critical vulnerability CVE-2024-39825

Zoom critical vulnerability CVE-2024-39818

Remediation

Impact

Affected Applications


Zoom Critical Vulnerabilities CVE-2024-39825

CVE-2024-39825 allows an attacker to gain privileged account access by exploiting a buffer overflow.

Privileged accounts must be protected more carefully than normal accounts.

The identified flaw allows an attacker who already holds a normal account to abuse a weakness in the system and obtain a higher level of access. In simple terms, they exploit the buffer overflow vulnerability to reach privileged accounts.

These vulnerabilities are present in various versions of the affected products across Windows, Linux, macOS, iOS, and Android.

According to Zoom's advisory, a buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.


Zoom critical vulnerability CVE-2024-39818

CVE-2024-39818 is a significant vulnerability in Zoom Workplace Apps and SDKs: a protection mechanism failure allows authenticated users to conduct information disclosure via network access. This vulnerability can potentially expose sensitive data, because the protection mechanism failed to validate and could be bypassed.

User data could be compromised through this vulnerability, which makes it a real security concern.


Impact

Only attackers authenticated to one of the affected Zoom applications could exploit these vulnerabilities, but if exploited, the vulnerabilities would enable an attacker to perform information disclosure and/or privilege escalation on the affected system. No evidence exists indicating the bugs were exploited or that proof-of-concept code is publicly available.

Affected Applications

CVE-2024-39818

  • Zoom Workplace App for iOS before version 6.0.10
  • Zoom Workplace Desktop App for Linux before version 6.0.10
  • Zoom Workplace Desktop App for Windows before version 6.0.10
  • Zoom Workplace Desktop App for macOS before version 6.0.10
  • Zoom Workplace VDI Client for Windows before version 5.17.13
  • Zoom Meeting SDK for Windows before version 6.0.10
  • Zoom Meeting SDK for iOS before version 6.0.10
  • Zoom Meeting SDK for Android before version 6.0.10
  • Zoom Meeting SDK for macOS before version 6.0.10
  • Zoom Meeting SDK for Linux before version 6.0.10

CVE-2024-39825

  • Zoom Workplace Desktop App for Linux before version 6.0.0
  • Zoom Workplace Desktop App for Windows before version 6.0.0
  • Zoom Workplace Desktop App for macOS before version 6.0.0
  • Zoom Workplace VDI Client for Windows before version 5.17.13
  • Zoom Workplace App for iOS before version 6.0.0
  • Zoom Workplace App for Android before version 6.0.0
  • Zoom Rooms App for Windows before version 6.0.0
  • Zoom Rooms App for Mac before version 6.0.0
  • Zoom Rooms App for iPad before version 6.0.0

Remediation

Patch: We advise you to update the affected applications to the latest version at normal priority. These vulnerabilities are not very high risk and can be mitigated through multi-factor authentication.

Auto-update: It is always advisable to automate vulnerability remediation where possible. In this case, enabling auto-update for these applications will speed up delivery of any patch they receive. This should be discussed with leadership in your organization, as not every application should be patched automatically.
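As an added example (not from the article or from Zoom), the following Python helper encodes the fixed versions from the two affected-application lists above and flags inventory entries that still fall below them; product names follow the lists, and the inventory lines are constructed sample data.

```python
"""Flag Zoom installs below the fixed versions in the CVE-2024-39818 and
CVE-2024-39825 bulletins.  Example helper, not a Zoom tool."""
from typing import Dict, List, Tuple
# product name (as listed in the bulletins) -> [(CVE, first fixed version), ...]
_BOTH = [("CVE-2024-39818", "6.0.10"), ("CVE-2024-39825", "6.0.0")]
FIXED_VERSIONS: Dict[str, List[Tuple[str, str]]] = {
    "Zoom Workplace Desktop App for Windows": _BOTH,
    "Zoom Workplace Desktop App for macOS": _BOTH,
    "Zoom Workplace Desktop App for Linux": _BOTH,
    "Zoom Workplace App for iOS": _BOTH,
    "Zoom Workplace App for Android": [("CVE-2024-39825", "6.0.0")],
    # The VDI client has its own fix version, and it is the same for both CVEs.
    "Zoom Workplace VDI Client for Windows": [("CVE-2024-39818", "5.17.13"),
                                              ("CVE-2024-39825", "5.17.13")],
    "Zoom Rooms App for Windows": [("CVE-2024-39825", "6.0.0")],
    "Zoom Rooms App for Mac": [("CVE-2024-39825", "6.0.0")],
    "Zoom Rooms App for iPad": [("CVE-2024-39825", "6.0.0")],
}
for _os in ("Windows", "iOS", "Android", "macOS", "Linux"):  # SDKs: 39818 only
    FIXED_VERSIONS[f"Zoom Meeting SDK for {_os}"] = [("CVE-2024-39818", "6.0.10")]

def parse_version(text: str) -> Tuple[int, ...]:
    """'6.0.10 (41940)' -> (6, 0, 10); a build suffix is dropped.  Int tuples
    compare element-wise, so (6, 0) < (6, 0, 10) and (5, 17, 13) < (6, 0, 0)."""
    return tuple(int(part) for part in text.strip().split()[0].split("."))

def outstanding_cves(product: str, installed: str) -> List[str]:
    """CVEs not yet fixed at this version; an unlisted product yields []."""
    have = parse_version(installed)
    return [cve for cve, fixed in FIXED_VERSIONS.get(product, [])
            if have < parse_version(fixed)]

def audit(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, List[str]]]:
    """(host, product, version, cves) for every install that still needs a patch."""
    rows = [(h, p, v, outstanding_cves(p, v)) for h, p, v in inventory]
    return [row for row in rows if row[3]]

# Constructed sample inventory: (host, product, installed version).
INVENTORY = [
    ("laptop-01", "Zoom Workplace Desktop App for Windows", "6.0.5"),
    ("laptop-02", "Zoom Workplace Desktop App for macOS", "6.0.10 (41940)"),
    ("vdi-07", "Zoom Workplace VDI Client for Windows", "5.17.12"),
    ("room-3f", "Zoom Rooms App for iPad", "5.17.13"),
]

if __name__ == "__main__":
    for host, product, version, cves in audit(INVENTORY):
        print(f"{host}: {product} {version} -> update for {', '.join(cves)}")
```

Feed it your own (host, product, version) tuples from an endpoint-management export; a host that appears only in the CVE-2024-39825 list still needs 6.0.0 or later even if it is otherwise current for its platform.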
