Zoom in the Spotlight – Rooms Full of Vulnerabilities

Every company across the globe has suffered some sort of vulnerability within its systems at some point. They’re just inevitable. Whether it’s iOS or some other company, flaws are bound to exist. Now, Zoom has addressed four “high” severity vulnerabilities that can cause a lot of damage if exploited.

Four Vulnerabilities in Zoom Rooms

The bugs have been discovered within Zoom’s videoconferencing platform, Zoom Rooms. These vulnerabilities are marked as “highly severe” as they allow whoever exploits them to escalate their privileges to the system user.

Zoom Rooms is widely popular for meetings, and with such flaws present, cybercriminals and threat actors can take advantage and do actual harm. What are these bugs? How can they affect Zoom users? Find out below.

Zoom-ing In on Four Vulnerabilities

During the pandemic, Zoom saw an enormous spike in popularity and use. When this period of time ended, people around the world continued to use the platform for their daily meetings.

As we mentioned, vulnerabilities are bound to happen, and cybercriminals will try to exploit them when the opportunity presents itself.

In fact, some bugs and flaws are still making an impact till now. We’re referring to the vulnerability that took the cyber world by storm – Log4Shell.

Zoom has had its own vulnerabilities in the past. However, the newly discovered ones are very severe and dangerous if anyone with malicious intentions decides to act.

The full description of these vulnerabilities is presented below, as stated on Zoom’s website:

  • CVE-2022-36929

Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability.

A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user.

  • CVE-2022-36928

Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability. A third-party app could exploit this vulnerability to read and write to the Zoom application data directory.

  • CVE-2022-36926/CVE-2022-36927

Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.

The last ones got a score of 8.8 in terms of severity. Yes! Anyone who exploits these vulnerabilities can easily take full control of the affected device. The good news is that upgrading the platform to version 5.11.3 eliminates the threat.

New Vulnerabilities: Giving Low-Privileged Users Time to Shine

When it comes to vulnerabilities, updating your device is the first step you should take once the company issues the warning.

In fact, Zoom does recommend applying current updates or downloading the latest Zoom software that has all the needed security updates from the website.

Bugs and flaws are not your faults, but when you know about them, updating your software becomes your responsibility. Make sure everything is in place to avoid any future predicament.

Add a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

as-seen-on