Update Zoom as soon as you can: vulnerabilities have been discovered that make it dangerous to use

Having become one of the most popular and widely used apps during the 2020 confinement, Zoom is a favorite for online meetings, video conferences and use in both work and student environments. But precisely because of its high profile, Zoom is also a favorite target for cybercriminals due to the number of users it attracts.

Update Zoom Now

INCIBE, the National Cybersecurity Institute, has warned of a series of vulnerabilities that have appeared in various elements of Zoom. Specifically, there are three highly critical vulnerabilities that could allow a cybercriminal to expose process memory in Meeting on-premises services, gain local elevation of privilege in Zoom clients for Windows, and change the installed version to an insecure version in Zoom clients for MacOS.

Going into detail about each one:

The vulnerability in the Zoom connector driver of Meeting on-premises and in the MMR connector exposes chunks of process memory to connected clients, which could be observed by a passive attacker.

The vulnerability that affects Meetings clients for Windows, Zoom conference rooms, Zoom add-ins for Microsoft Outlook, and Zoom VDI Meetings clients makes them susceptible to local privilege escalation during the installer repair operation. A cybercriminal could use this vulnerability to delete files or folders at a system level, causing integrity or availability issues on the user’s host machine.

The vulnerability that affects Meetings clients for MacOS lies in the update process, where the package version is not checked correctly. This could allow a cybercriminal to change an unsuspecting user’s installed version to a less secure version.

Affected Resources

  • Meeting on-premises Connector Drivers version 4.8.102.20220310;
  • Meeting on-premises MMR Connectors version 4.8.102.20220310;
  • Meetings Clients for Windows prior to version 5.9.7;
  • Conference Room for Windows prior to version 5.10.0;
  • Plugins for Microsoft Outlook for Windows prior to version 5.10.3;
  • VDI Meetings Clients for Windows prior to version 5.9.6;
  • Meetings clients for MacOS (Standard and IT Admin) prior to version 5.9.6.

Zoom has released updates for the affected products listed above that address these vulnerabilities. If for whatever reason you cannot install them, they recommend downloading the latest version of Zoom, which contains the latest security updates, something you can do from the official Zoom download center.
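To check a fleet against the "prior to" thresholds in the list above, the following added example (not code from INCIBE or Zoom) audits an inventory using numeric version comparison, since plain string comparison would rank 5.9.7 above 5.10.0. The product labels, the inventory and the `update_allowed` guard are assumptions made for illustration; the page does not describe how Zoom's updater performs its check.

```python
import re

# Fixed versions from the page's list; keys are hypothetical labels, not Zoom identifiers.
FIXED = {
    "meetings-windows": "5.9.7",
    "rooms-windows": "5.10.0",
    "outlook-plugin-windows": "5.10.3",
    "vdi-windows": "5.9.6",
    "meetings-macos": "5.9.6",
}

def compare(a, b):
    """Numerically compare dotted versions; return -1, 0 or 1."""
    parsed = []
    for text in (a, b):
        if not re.fullmatch(r"\d+(\.\d+)*", text):
            raise ValueError(f"unparseable version: {text!r}")
        parsed.append([int(p) for p in text.split(".")])
    width = max(len(v) for v in parsed)
    va, vb = (v + [0] * (width - len(v)) for v in parsed)  # 5.10 == 5.10.0
    return (va > vb) - (va < vb)

def audit(inventory):
    """Return (host, product, installed, status) for each inventory entry."""
    rows = []
    for host, product, installed in inventory:
        try:
            status = "vulnerable" if compare(installed, FIXED[product]) < 0 else "ok"
        except KeyError:
            status = "unknown-product"
        except ValueError:
            status = "unparseable"  # review by hand rather than assume safe
        rows.append((host, product, installed, status))
    return rows

def update_allowed(installed, candidate):
    """Updater-side guard: accept only a package strictly newer than the installed one."""
    return compare(candidate, installed) > 0

# Constructed sample inventory (hosts and versions are made up).
SAMPLE = [
    ("pc-01", "meetings-windows", "5.9.3"),
    ("pc-02", "rooms-windows", "5.9.7"),  # plain string comparison would rank this above 5.10.0
    ("mac-01", "meetings-macos", "5.9.6"),
    ("pc-03", "vdi-windows", "5.9.6 (beta)"),
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```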