Security leaks in Zoom meeting software sealed

Security leaks in Zoom meeting software sealed

The manufacturer reports two security gaps in its conference software Zoom: The leak with the greatest risk opens due to a potential buffer overflow through which attackers could crash the service or the applications or even execute arbitrary code. Zoom himself rates the gap as “high” and calculates a CVSS score of 7.3.

The other vulnerability could reveal the status of the process memory – and as a result allow malicious actors to view any memory area of ​​the process. This could allow attackers to gain unauthorized access to sensitive information. The manufacturer classifies this as a medium risk with a CVSS score of 5.3.

Many of the manufacturer’s programs and services are affected. Among the most widespread among them are the Zoom Client for Meetings for Android, Blackberry, Chrome, intune, iOS, Linux, macOS and Windows. But also in the Zoom OnPremise Meeting Connectors and the Zoom Meeting SDKs as well as various other applications, new versions close the security gaps.

the new security bulletins are on the Zoom Security Alerts Summary Page queued. The company has listed all affected software products and versions there in detail. Updated packages are available to everyone. the Corrected Zoom clients and the controller for Zoom Rooms can be found on the public download page. Administrators receive the other updated packages via the accounts known to them. Users and administrators of video conferencing solutions should import them promptly due to the potential effects.


Article Source