Zoom Patched Multiple Security Vulnerabilities With Latest Update

The latest Zoom release addressed numerous security vulnerabilities in the software, including a critical flaw. Users should update their devices to the latest release to avoid potential threats.

Critical Zoom Flaw Patched With Other Security Vulnerabilities

According to the latest security bulletin, at least seven different vulnerabilities existed in the video conferencing software Zoom. These vulnerabilities affected different Zoom clients, exposing users to global security threats.

The fixes include a critical one for a privilege escalation flaw. Identified as CVE-2024-24691 (CVSS 9.6), Zoom described this vulnerability as an improper input validation that could allow an unauthenticated adversary to gain elevated privileges via network access. It affected the Zoom Desktop Client for Windows, Zoom VDI Client for Windows, Zoom Rooms Client for Windows, and Zoom Meeting SDK for Windows.

The other six vulnerabilities include the following.

  • CVE-2024-24697 (high severity; CVSS 7.2): This vulnerability affected Zoom 32-bit Windows clients, letting an authenticated adversary gain elevated privileges via local access by exploiting an untrusted search path.
  • CVE-2024-24696 (medium severity; CVSS 6.8): Improper input validation with Zoom in-meeting chat could lead to information disclosure to an authenticated attacker via network access.
  • CVE-2024-24699 (medium severity; CVSS 6.5): Business logic error with Zoom clients’ in-meeting chat. Exploiting the flaw could result in information disclosure to an authenticated adversary.
  • CVE-2024-24690 (medium severity; CVSS 5.4): A denial of service vulnerability due to improper input validation.
  • CVE-2024-24698 (medium severity; CVSS 4.9): An information disclosure flaw that existed due to improper authentication and could be exploited by a privileged user with local access.

Zoom patched these vulnerabilities with different software releases, addressing some with Zoom version 5.16.5 and the rest with version 5.17.0. Given that the most recent release, at the time of writing this story, is Zoom version 5.17.7, users should consider updating their systems to this release to receive all security fixes.

Besides, users should always run the latest software release of any product to avoid exploits.
