Zoom Tackles Critical Security flaws Head-On with New Patches

OPInnovate Research

August 17, 2023

Keeping our online conversations safe is a big deal, and Zoom knows it. The popular video call service recently rolled out fixes to patch up some security holes that were found in its software. Whether you’re using Zoom on your Windows PC, Mac, Linux system, iPhone, Android device, or even in Zoom Rooms, these updates are all about ensuring you can chat and meet online without worrying about unwanted security surprises.

Critical Flaws and Solutions

  1. The Trouble with Improper Input Validation – (CVE-2023-39209, CVE-2023-39216, CVE-2023-39217)
  • Severity: CVSS scores of 5.9, 9.6, 5.
  • Impact: These vulnerabilities could have enabled both authenticated and unauthenticated attackers to exploit improper input validation in the Zoom Windows client. The potential risk includes information leakage or unauthorized privilege escalation
  1. Exposure of Delicate Information – (CVE-2023-39214)
  • Severity: CVSS score of 7.6
  • Impact: This vulnerability in the Zoom Client SDK exposed sensitive data, which could have been used by an attacker to induce a denial of service. Its wide-reaching nature across various platforms emphasized the necessity for immediate action.
  1. Privilege Mismanagement and Untrusted Search Paths – (CVE-2023-39211, CVE-2023-39212, CVE-2023-36540)
  • Severity: CVSS scores of 8.8, 7.9, 7.3
  • Impact: Authenticated users could misuse privileges, reveal data, or launch denial of service attacks within various Windows applications of Zoom.
  1. Escalation of Privileges and Additional Threats – (CVE-2023-36534, CVE-2023-36541, CVE-2023-39213)
  • Severity: CVSS scores of 9.3, 8.0, 9.6
  • Impact: Other significant vulnerabilities include path traversal and inadequate verification of data authenticity in Zoom’s Windows client, which could lead to unauthorized privilege escalation.

Additional Concerns

Zoom has also addressed vulnerabilities linked to clear text storage of sensitive information, client-side enforcement of server-side security, uncontrolled resource consumption, and buffer overflow. The diversity in the security flaws and their corresponding resolutions underlines the complexity of modern cybersecurity and Zoom’s dedication to tackling these challenges.

How to Secure Your Zoom Experience

If you’re a Zoom user, updating your software to the latest version is paramount. This step ensures that you’re protected from these vulnerabilities and helps maintain the privacy and security of your communications.

Visit Zoom’s official website to download the most recent update. Cybersecurity is an ever-evolving landscape, and being proactive is key to staying one step ahead of potential threats. Don’t delay; update today!

Under Cyber Attack?

Fill out the form and we will contact you immediately.