Zoom found two vulnerabilities scoring 7.3 on the CVSS scale

Zoom found two vulnerabilities scoring 7.3 CVSS scale

Researchers at Google Project Zero have reported further security issues with Zoom, the popular video conferencing software. Experts noted that vulnerabilities create an attack vector against users of this service.

In total, experts found two flaws affecting the Zoom client for Windows, macOS, Linux, iOS and Android operating systems . The first bug was assigned the CVE-2021-34423 ID and 7.3 CVSS (Buffer Overflow).

“The detected buffer overflow capability allows a conditional attacker to cause an application or service to crash. In certain scenarios of exploitation, an attacker will be able to execute arbitrary code, “- reads an official statement from representatives of Zoom.

Another vulnerability identified as CVE-2021-34424 scored the same 7.3 points. Here the problem already lies in memory corruption. Zoom’s developers describe it as follows:

“Presumably, this flaw opens access to memory and allows you to extract confidential information.”

The affected versions of the Zoom client are listed below:

  • Zoom Client for Meetings (for Android, iOS, Linux, macOS and Windows) up to 5.8.4
  • Zoom Client for Meetings for Blackberry (for Android and iOS) up to 5.8.1
  • Zoom Client for Meetings for intune (for Android and iOS) up to 5.8.4
  • Zoom Client for Meetings for Chrome OS up to 5.0.1
  • Zoom Rooms for Conference Room (for Android, AndroidBali, macOS and Windows) up to 5.8.3
  • Controllers for Zoom Rooms (for Android, iOS and Windows) up to 5.8.3
  • Zoom VDI up to 5.8.4
  • Zoom Meeting SDK for Android version up to 5.7.6.1922
  • Zoom Meeting SDK for iOS version up to 5.7.6.1082
  • Zoom Meeting SDK for macOS up to 5.7.6.1340
  • Zoom Meeting SDK for Windows up to 5.7.6.1081
  • Zoom Video SDK (for Android, iOS, macOS and Windows) up to 1.1.2
  • Zoom On-Premise Meeting Connector Controller prior to 4.8.12.20211115
  • Zoom On-Premise Meeting Connector MMR up to 4.8.12.20211115
  • Zoom On-Premise Recording Connector up to 5.1.0.65.20211116
  • Zoom On-Premise Virtual Room Connector up to 4.4.7266.20211117
  • Zoom On-Premise Virtual Room Connector Load Balancer up to 2.5.5692.20211117
  • Zoom Hybrid Zproxy up to 1.0.1058.20211116
  • Zoom Hybrid MMR up to 4.6.20211116.131_x86-64

Catch up on more stories here

Follow us on Facebook here

Leave a Reply