Zoom Web Conferencing Software Addresses High-Risk Vulnerabilities

Web conferencing software: Several high-risk vulnerabilities fixed in Zoom

The developers of Zoom have been working diligently to correct security vulnerabilities within their web conferencing software. In fact, the company has published twelve security reports addressing these vulnerabilities. In order to ensure optimal security for users and prevent potential attacks, IT managers should install the updated software as soon as possible.

Of the twelve vulnerabilities, six were classified as high risk, four as medium risk, and two as low risk. For example, one high-risk vulnerability was due to insufficient rights management, which allowed users with local access to escalate their privileges. Another vulnerability allowed registered users from the network to access information without authorization.

It was also discovered that authenticated malicious web actors could escalate their privileges due to insufficient verification of data authenticity by Zoom. Additionally, the Zoom VDI installer didn’t properly check access rights, which attackers could exploit to delete local files without proper permission. Malicious users were also able to crash a victim’s Zoom app by exploiting an HTML injection vulnerability.

At the core of these threats lies the fact that attackers can escalate their privileges and gain access to sensitive information. These vulnerabilities have been addressed in the latest versions: Zoom for macOS and Zoom for Windows 5.14.10 and newer; Zoom for Linux, Android and iOS 5.13.10 and newer; Zoom Meeting SDK 5.13.0; and Zoom Rooms for Windows and Zoom VDI for Windows 5.14.0 or newer.

Zoom has provided an overview page on its website with details on each vulnerability and how it is addressed in the updated versions of the software. Users are encouraged to check whether they have the updated software installed and to update if they do not.
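An added example, not from Zoom or the original article: a small fleet audit that compares installed versions against the fixed versions listed above, using numeric comparison because plain string comparison would rank 5.14.9 above 5.14.10. The product keys, the inventory rows and the treatment of Meeting SDK 5.13.0 as a minimum are assumptions of this example.

```python
import re

# Fixed versions as listed in the article. Product keys are names chosen for this example.
FIXED = {
    "zoom-macos": (5, 14, 10),
    "zoom-windows": (5, 14, 10),
    "zoom-linux": (5, 13, 10),
    "zoom-android": (5, 13, 10),
    "zoom-ios": (5, 13, 10),
    "zoom-meeting-sdk": (5, 13, 0),  # article gives 5.13.0; treated as a minimum (assumption)
    "zoom-rooms-windows": (5, 14, 0),
    "zoom-vdi-windows": (5, 14, 0),
}

def parse_version(text):
    """Return leading major.minor.patch as ints, ignoring any build suffix; None if unreadable."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None

def audit(inventory):
    """Classify each (host, product, version) row as 'ok', 'outdated' or 'unknown'."""
    results = []
    for host, product, version in inventory:
        minimum = FIXED.get(product)
        parsed = parse_version(version)
        if minimum is None or parsed is None:
            status = "unknown"  # unlisted product or unreadable version: review by hand
        elif parsed >= minimum:
            status = "ok"
        else:
            status = "outdated"
        results.append((host, product, version, status))
    return results

# Constructed sample inventory: hosts and version strings are made up for illustration.
SAMPLE = [
    ("ws-001", "zoom-windows", "5.14.9"),
    ("ws-002", "zoom-windows", "5.14.10 (12345)"),
    ("mac-003", "zoom-macos", "5.9.6"),
    ("lnx-004", "zoom-linux", "5.13.10"),
    ("vdi-005", "zoom-vdi-windows", "5.13.10"),
    ("ws-006", "zoom-windows", "unknown"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("%-8s %-18s %-16s %s" % row)
```

Rows reported as "unknown" should be treated as unverified rather than compliant.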

In March, Zoom had to address high-risk vulnerabilities in the software that allowed attackers to inject and execute malicious code. These recent vulnerabilities further underscore the importance of consistently updating software to prevent potentially dangerous security breaches.
