Open Nav
Sign Up

Zoom Tackles Critical Security flaws Head-On with New Patches

OPInnovate Research

August 17, 2023

Keeping our online conversations safe is a big deal, and Zoom knows it. The popular video call service recently rolled out fixes to patch up some security holes that were found in its software. Whether you’re using Zoom on your Windows PC, Mac, Linux system, iPhone, Android device, or even in Zoom Rooms, these updates are all about ensuring you can chat and meet online without worrying about unwanted security surprises.

Critical Flaws and Solutions

  1. The Trouble with Improper Input Validation – (CVE-2023-39209, CVE-2023-39216, CVE-2023-39217)
  • Severity: CVSS scores of 5.9, 9.6, 5.
  • Impact: These vulnerabilities could have enabled both authenticated and unauthenticated attackers to exploit improper input validation in the Zoom Windows client. The potential risk includes information leakage or unauthorized privilege escalation
  1. Exposure of Delicate Information – (CVE-2023-39214)
  • Severity: CVSS score of 7.6
  • Impact: This vulnerability in the Zoom Client SDK exposed sensitive data, which could have been used by an attacker to induce a denial of service. Its wide-reaching nature across various platforms emphasized the necessity for immediate action.
  1. Privilege Mismanagement and Untrusted Search Paths – (CVE-2023-39211, CVE-2023-39212, CVE-2023-36540)
  • Severity: CVSS scores of 8.8, 7.9, 7.3
  • Impact: Authenticated users could misuse privileges, reveal data, or launch denial of service attacks within various Windows applications of Zoom.
  1. Escalation of Privileges and Additional Threats – (CVE-2023-36534, CVE-2023-36541, CVE-2023-39213)
  • Severity: CVSS scores of 9.3, 8.0, 9.6
  • Impact: Other significant vulnerabilities include path traversal and inadequate verification of data authenticity in Zoom’s Windows client, which could lead to unauthorized privilege escalation.

Additional Concerns

Zoom has also addressed vulnerabilities linked to clear text storage of sensitive information, client-side enforcement of server-side security, uncontrolled resource consumption, and buffer overflow. The diversity in the security flaws and their corresponding resolutions underlines the complexity of modern cybersecurity and Zoom’s dedication to tackling these challenges.

How to Secure Your Zoom Experience

If you’re a Zoom user, updating your software to the latest version is paramount. This step ensures that you’re protected from these vulnerabilities and helps maintain the privacy and security of your communications.

Visit Zoom’s official website to download the most recent update. Cybersecurity is an ever-evolving landscape, and being proactive is key to staying one step ahead of potential threats. Don’t delay; update today!

Resources highlights

AsyncAPI npm Supply-Chain Attack Delivers Cross-Platform Miasma RAT

A software supply-chain attack compromised four packages in the official AsyncAPI npm namespace, resulting in five malicious package versions being distributed through the project’s legitimate…

Read more >

AsyncAPI supply chain attack

Zoom Windows Vulnerability Enables Account Takeover (CVE-2026-53412)

Zoom has released security updates for a critical vulnerability affecting Zoom Workplace and Zoom Workplace VDI clients for Windows. Tracked as CVE-2026-53412, the vulnerability could…

Read more >

cve-2026-53412

Actively Exploited SonicWall SMA1000 Vulnerabilities (CVE-2026-15409 and CVE-2026-15410)

SonicWall has released emergency hotfixes for two vulnerabilities affecting SMA1000 Series secure access appliances. Both vulnerabilities have been exploited in active attacks, and one carries…

Read more >

sonicwall_cve-2026-15409_cve-2026-15410_op

Critical Gitea Docker Authentication Bypass Under Active Probing: CVE-2026-20896

A critical authentication bypass vulnerability, tracked as CVE-2026-20896, has been disclosed in the official Gitea Docker image. Gitea is a self-hosted software development platform used…

Read more >

gitea_docker_cve-2026-20896

Adobe Patches Multiple Critical ColdFusion and Campaign Classic Vulnerabilities: CVE-2026-48282 Exploitation Observed

Adobe has released security updates for multiple critical vulnerabilities affecting Adobe ColdFusion and Adobe Campaign Classic, including several flaws rated CVSS 10.0.CVE-2026-48282, a critical ColdFusion…

Read more >

adobe_coldfusion_campaign classic_cve-2026-48282

CVE-2026-46817: Critical Oracle E-Business Suite Vulnerability

A critical vulnerability in Oracle E-Business Suite is now being actively exploited in the wild. Tracked as CVE-2026-46817, the flaw affects the File Transmission component…

Read more >

cve-2026-46817-oracle-e-business
Under Cyber Attack?

Fill out the form and we will contact you immediately.