Open Nav
Sign Up

Zoom Tackles Critical Security flaws Head-On with New Patches

OPInnovate Research

August 17, 2023

Keeping our online conversations safe is a big deal, and Zoom knows it. The popular video call service recently rolled out fixes to patch up some security holes that were found in its software. Whether you’re using Zoom on your Windows PC, Mac, Linux system, iPhone, Android device, or even in Zoom Rooms, these updates are all about ensuring you can chat and meet online without worrying about unwanted security surprises.

Critical Flaws and Solutions

  1. The Trouble with Improper Input Validation – (CVE-2023-39209, CVE-2023-39216, CVE-2023-39217)
  • Severity: CVSS scores of 5.9, 9.6, 5.
  • Impact: These vulnerabilities could have enabled both authenticated and unauthenticated attackers to exploit improper input validation in the Zoom Windows client. The potential risk includes information leakage or unauthorized privilege escalation
  1. Exposure of Delicate Information – (CVE-2023-39214)
  • Severity: CVSS score of 7.6
  • Impact: This vulnerability in the Zoom Client SDK exposed sensitive data, which could have been used by an attacker to induce a denial of service. Its wide-reaching nature across various platforms emphasized the necessity for immediate action.
  1. Privilege Mismanagement and Untrusted Search Paths – (CVE-2023-39211, CVE-2023-39212, CVE-2023-36540)
  • Severity: CVSS scores of 8.8, 7.9, 7.3
  • Impact: Authenticated users could misuse privileges, reveal data, or launch denial of service attacks within various Windows applications of Zoom.
  1. Escalation of Privileges and Additional Threats – (CVE-2023-36534, CVE-2023-36541, CVE-2023-39213)
  • Severity: CVSS scores of 9.3, 8.0, 9.6
  • Impact: Other significant vulnerabilities include path traversal and inadequate verification of data authenticity in Zoom’s Windows client, which could lead to unauthorized privilege escalation.

Additional Concerns

Zoom has also addressed vulnerabilities linked to clear text storage of sensitive information, client-side enforcement of server-side security, uncontrolled resource consumption, and buffer overflow. The diversity in the security flaws and their corresponding resolutions underlines the complexity of modern cybersecurity and Zoom’s dedication to tackling these challenges.

How to Secure Your Zoom Experience

If you’re a Zoom user, updating your software to the latest version is paramount. This step ensures that you’re protected from these vulnerabilities and helps maintain the privacy and security of your communications.

Visit Zoom’s official website to download the most recent update. Cybersecurity is an ever-evolving landscape, and being proactive is key to staying one step ahead of potential threats. Don’t delay; update today!

Resources highlights

High-Severity WordPress Vulnerability in Forminator Plugin (CVE-2025-6463)

A critical vulnerability in the Forminator plugin, one of the most popular form-building plugins in Wordpress, allows unauthenticated attackers to delete arbitrary files on the…

Read more >

CVE-2025-6463

CVE-2025-6554: Chrome V8 Zero-Day Exploited in the Wild

On June 30, 2025, Google issued an emergency patch for a critical zero-day vulnerability in its Chrome browser, tracked as CVE-2025-6554. The flaw resides in…

Read more >

CVE-2025-6554

Critical Cisco ISE Vulnerabilities Lead to Unauthenticated RCE (CVE-2025-20281 & CVE-2025-20282)

On June 25, 2025, Cisco disclosed and patched two critical remote code execution (RCE) vulnerabilities: CVE-2025-20281 and CVE-2025-20282, affecting its widely deployed Identity Services Engine…

Read more >

CVE-2025-20281 & CVE-2025-20282

Critical Vulnerability in MegaRAC BMC Added to CISA’s KEV: CVE-2024-54085

On June 25, 2025, CISA added CVE‑2024‑54085, a critical authentication bypass vulnerability in the MegaRAC SPx Baseboard Management Controller (BMC) firmware, to its Known Exploited…

Read more >

CVE-2024-54085

‘UMBRELLA STAND’ Malware Targets Fortinet FortiGate Firewalls

‘UMBRELLA STAND’ Malware Targets Fortinet FortiGate Firewalls The UK’s National Cyber Security Centre (NCSC) has issued an alert regarding a sophisticated malware campaign dubbed “UMBRELLA…

Read more >

umbrella stand fortinet

CVE-2025-49144: Privilege Escalation in Notepad++ Installer Enables Full SYSTEM Access

A critical local privilege escalation vulnerability in the Notepad++ v8.8.1 installer allows attackers to escalate to NT AUTHORITY\SYSTEM using binary planting techniques. Tracked as CVE-2025-49144,…

Read more >

CVE-2025-49144
Under Cyber Attack?

Fill out the form and we will contact you immediately.