Zoom Updates
2012Warning Date
Severity Level
Warning Number
Target Sector
25 November, 2021
● Medium
2021-3940
All
Description:
Zoom has released security updates to address vulnerabilities in the following products:
- Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows)
- before version 5.8.4
- Zoom Client for Meetings for Blackberry (for Android and iOS)
- before version 5.8.1
- Zoom Client for Meetings for intune (for Android and iOS)
- before version 5.8.4
- Zoom Client for Meetings for Chrome OS
- before version 5.0.1
- Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows)
- before version 5.8.3
- Controllers for Zoom Rooms (for Android, iOS, and Windows)
- before version 5.8.3
- Zoom VDI
- before version 5.8.4
- Zoom Meeting SDK for Android
- before version 5.7.6.1922
- Zoom Meeting SDK for iOS
- before version 5.7.6.1082
- Zoom Meeting SDK for Windows
- before version 5.7.6.1081
- Zoom Meeting SDK for Mac
- before version 5.7.6.1340
- Zoom Video SDK (for Android, iOS, macOS, and Windows)
- before version 1.1.2
- Zoom On-Premise Meeting Connector
- before version 4.8.12.20211115
- Zoom On-Premise Meeting Connector MMR
- before version 4.8.12.20211115
- Zoom On-Premise Recording Connector
- before version 5.1.0.65.20211116
- Zoom On-Premise Virtual Room Connector
- before version 4.4.7266.20211117
- Zoom On-Premise Virtual Room Connector Load Balancer
- before version 2.5.5692.20211117
- Zoom Hybrid Zproxy
- before version 1.0.1058.20211116
- Zoom Hybrid MMR
- before version 4.6.20211116.131_x86-64
Threats:
An attacker could exploit these vulnerabilities by doing the following:
- Memory exposure
- Buffer overflow
Best practice and Recommendations:
The CERT team encourages users to review Zoom security advisory and apply the necessary updates: