Security researchers from Google Project Zero discovered two vulnerabilities in the video conferencing software Zoom that expose users to attacks. The vulnerabilities impact Zoom Client for Meetings on Windows, macOS, Linux, iOS, and Android.
Both issues were discovered by Google Project Zero researcher Natalie Silvanovich. The first flaw, tracked as CVE-2021-34423, is a high-severity buffer overflow vulnerability that received a CVSS base score of 7.3.
“A buffer overflow vulnerability was discovered in the products listed in the ‘Affected Products’ section of this bulletin. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code,” reads the security advisory published by Zoom.
The second vulnerability addressed by the company is a memory corruption issue, tracked as CVE-2021-34424, that received a CVSS base score of 7.3.
“A vulnerability was discovered in the products listed in the ‘Affected Products’ section of this bulletin which potentially allowed for the exposure of the state of process memory. This issue could be used to potentially gain insight into arbitrary areas of the product’s memory,” reads the advisory.
Below is the list of affected Zoom products:
Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4
Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1
Zoom Client for Meetings for Intune (for Android and iOS) before version 5.8.4
Zoom Client for Meetings for Chrome OS before version 5.0.1
Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3
Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3
Zoom VDI before version 5.8.4
Zoom Meeting SDK for Android before version 22.214.171.1242
Zoom Meeting SDK for iOS before version 126.96.36.1992
Zoom Meeting SDK for macOS before version 188.8.131.520
Zoom Meeting SDK for Windows before version 184.108.40.2061
Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2
Zoom On-Premise Meeting Connector Controller before version 220.127.116.1111115
Zoom On-Premise Meeting Connector MMR before version 18.104.22.16811115
Zoom On-Premise Recording Connector before version 22.214.171.124.20211116
Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117
Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117
Zoom Hybrid Zproxy before version 1.0.1058.20211116
Zoom Hybrid MMR before version 4.6.20211116.131_x86-64