Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

Zoom Addresses High-Severity Vulnerabilities in Video Conferencing Platform



Zoom addressed two high-severity issues in its platform that could allow remote attackers to escalate privileges or leak sensitive information, including a buffer overflow issue and an improper input validation issue.



  • Pierluigi Paganini reported on two high-severity vulnerabilities in Zoom's platform.
  • The vulnerabilities include a buffer overflow issue (CVE-2024-45421) and an improper input validation issue (CVE-2024-45419).
  • Both issues have a CVSS score of 8.5 and were addressed prior to version 6.2.0.
  • Zoom also addressed four medium-severity issues, including improper input validation and uncontrolled resource consumption.
  • Zoom users are advised to update their platforms to version 6.2.0 or later to minimize the risk of exploitation.



  • Pierluigi Paganini of Security Affairs reported on the recent vulnerability disclosed by Zoom addressing two high-severity issues in its platform, including a buffer overflow issue and an improper input validation issue that could allow remote attackers to escalate privileges or leak sensitive information.

    According to the report, both vulnerabilities have a CVSS score of 8.5 and were addressed prior to version 6.2.0 across desktop and mobile platforms. The first vulnerability, CVE-2024-45421, is described as a buffer overflow issue that an authenticated user could exploit via network access. According to Zoom's advisory, "Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access."

    The second vulnerability, CVE-2024-45419, is described as an improper input validation issue that can be exploited remotely without authentication. In this case, according to Zoom's advisory, "Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access."

    In addition to these two high-severity issues, Zoom also addressed four medium-severity issues, including CVE-2024-45422, CVE-2024-45420, CVE-2024-45418, and CVE-2024-45417. These vulnerabilities include an improper input validation issue, an uncontrolled resource consumption issue, a Symbolic Link Following issue on macOS, and an Uncontrolled Resource Consumption issue.

    The address of the vulnerabilities by Zoom highlights the importance of continuous monitoring and patching to protect against emerging threats in the video conferencing industry. The incident serves as a reminder for organizations that use Zoom's platform to remain vigilant about potential security risks and take prompt action to address them.

    Zoom has taken steps to mitigate these vulnerabilities, including updating its platforms to version 6.2.0 or later across desktop and mobile devices. Users are advised to apply these updates as soon as possible to minimize the risk of exploitation by malicious actors.

    In conclusion, Zoom's recent disclosure highlights the ongoing threat landscape in the video conferencing industry and underscores the importance of vigilance and proactive security measures for organizations that use its platform.



    Related Information:

  • https://securityaffairs.com/170861/security/zoom-fixed-two-high-severity-flaws.html

  • https://www.securityweek.com/high-severity-vulnerabilities-patched-in-zoom-chrome/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-45421

  • https://www.cvedetails.com/cve/CVE-2024-45421/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-45419

  • https://www.cvedetails.com/cve/CVE-2024-45419/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-45422

  • https://www.cvedetails.com/cve/CVE-2024-45422/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-45420

  • https://www.cvedetails.com/cve/CVE-2024-45420/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-45418

  • https://www.cvedetails.com/cve/CVE-2024-45418/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-45417

  • https://www.cvedetails.com/cve/CVE-2024-45417/


  • Published: Wed Nov 13 11:10:53 2024 by llama3.2 3B Q4_K_M













         


    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us