Tuesday, February 20, 2024

Zoom Patched Multiple Security Vulnerabilities With Latest Update

The latest Zoom release addressed numerous security vulnerabilities in the software, including a critical flaw. Users should update their devices with the latest releases to avoid potential threats.

Critical Zoom Flaw Patched With Other Security Vulnerabilities

According to the latest security bulletin, at least seven different vulnerabilities existed in the video conferencing software Zoom. These vulnerabilities affected different Zoom clients, exposing users worldwide to security threats.

These vulnerabilities include a critical security fix for a privilege escalation flaw. Identified as CVE-2024-24691 (CVSS 9.6), Zoom described this vulnerability as an improper input validation that could allow an unauthenticated adversary to gain elevated privileges via network access. It affected the Zoom Desktop Client for Windows, Zoom VDI Client for Windows, Zoom Rooms Client for Windows, and Zoom Meeting SDK for Windows.

The other six vulnerabilities include the following.

  • CVE-2024-24697 (high severity; CVSS 7.2): This vulnerability affected Zoom 32-bit Windows clients, letting an authenticated adversary gain elevated privileges via local access by exploiting an untrusted search path.
  • CVE-2024-24696 (medium severity; CVSS 6.8): Improper input validation in Zoom in-meeting chat could lead to information disclosure to an authenticated attacker via network access.
  • CVE-2024-24699 (medium severity; CVSS 6.5): Business login error with Zoom clients’ in-meeting chat. Exploiting the flaw could result in information disclosure to an authenticated adversary.
  • CVE-2024-24690 (medium severity; CVSS 5.4): A denial of service vulnerability due to improper input validation.
  • CVE-2024-24698 (medium severity; CVSS 4.9): An information disclosure flaw that existed due to improper authentication, facilitating a privileged user with local access.

Zoom patched these vulnerabilities with different software releases, addressing some with Zoom version 5.16.5 and the rest with version 5.17.0. Given that the current release, at the time of writing this story, is Zoom version 5.17.7, users should consider updating their systems with this release to receive all security fixes.

Besides, users must always ensure they use the latest software releases for any product to avoid exploits.
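For teams that track installed client versions, the release thresholds named above (5.16.5, 5.17.0, 5.17.7) can be turned into a fleet check. The following is an added example, not part of the original article or Zoom's tooling; the hostnames, build numbers and status labels are constructed, and it assumes each client reports a version in the desktop client's numbering (confirm per-product fixed versions in Zoom's bulletin).

```python
import re
from collections import defaultdict

# Thresholds from the article: some fixes shipped in 5.16.5, the rest in
# 5.17.0; 5.17.7 was the current release when the article was written.
FIRST_FIXES = (5, 16, 5)
ALL_FIXES = (5, 17, 0)
CURRENT = (5, 17, 7)

def parse_version(text):
    """Return (major, minor, patch) from strings such as '5.17.0 (28375)'
    or '5.16.10.25689'; None when no version can be read."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(text):
    """Map a reported version string to a patch status label (labels are
    this example's own). Comparison is numeric per component, so 5.9.1
    sorts below 5.16.5, which a plain string comparison gets wrong."""
    v = parse_version(text)
    if v is None:
        return "unknown"  # needs manual review; never assume patched
    if v < FIRST_FIXES:
        return "missing-all-fixes"
    if v < ALL_FIXES:
        return "missing-some-fixes"
    if v < CURRENT:
        return "fixed-not-current"
    return "current"

def audit(inventory):
    """Group hostnames by status; inventory yields (host, version_string)."""
    report = defaultdict(list)
    for host, version in inventory:
        report[classify(version)].append(host)
    return dict(report)

# Constructed sample inventory (hostnames and builds are illustrative only).
SAMPLE = [
    ("ws-001", "5.15.2 (19786)"),
    ("ws-002", "5.16.10.25689"),
    ("ws-003", "5.17.0 (28375)"),
    ("ws-004", "5.17.7"),
    ("ws-005", "not installed?"),
    ("ws-006", "5.9.1"),
]

if __name__ == "__main__":
    for status, hosts in sorted(audit(SAMPLE).items()):
        print(f"{status:20} {', '.join(hosts)}")
```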

Let us know your thoughts in the comments.
