Description:

Zoom has released security updates to address vulnerabilities in the following products:

• Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows)
  • before version 5.8.4
• Zoom Client for Meetings for Blackberry (for Android and iOS)
  • before version 5.8.1
• Zoom Client for Meetings for intune (for Android and iOS)
• before version 5.8.4
• Zoom Client for Meetings for Chrome OS
  • before version 5.0.1
• Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows)
  • before version 5.8.3
• Controllers for Zoom Rooms (for Android, iOS, and Windows)
  • before version 5.8.3
• Zoom VDI
  • before version 5.8.4
• Zoom Meeting SDK for Android
  • before version 5.7.6.1922
• Zoom Meeting SDK for iOS
  • before version 5.7.6.1082
• Zoom Meeting SDK for Windows
  • before version 5.7.6.1081
• Zoom Meeting SDK for Mac
  • before version 5.7.6.1340
• Zoom Video SDK (for Android, iOS, macOS, and Windows)
  • before version 1.1.2
• Zoom On-Premise Meeting Connector
  • before version 4.8.12.20211115
• Zoom On-Premise Meeting Connector MMR
  • before version 4.8.12.20211115
• Zoom On-Premise Recording Connector
  • before version 5.1.0.65.20211116
• Zoom On-Premise Virtual Room Connector
  • before version 4.4.7266.20211117
• Zoom On-Premise Virtual Room Connector Load Balancer
  • before version 2.5.5692.20211117
• Zoom Hybrid Zproxy
  • before version 1.0.1058.20211116
• Zoom Hybrid MMR
  • before version 4.6.20211116.131_x86-64

Threats:

An attacker could exploit these vulnerabilities by doing the following:

• Memory exposure
• Buffer overflow

Best practice and Recommendations:

The CERT team encourages users to review Zoom security advisory and apply the necessary updates:

• https://explore.zoom.us/en/trust/security/security-bulletin/