Zoom has released security updates to fix several vulnerabilities that could allow attackers to take control of a user’s account or system.
The first vulnerability, tracked as CVE-2023-39215 with a CVSS score of 7.1, is an improper authentication issue that affects all Zoom clients for Windows, macOS, Linux, and Android. An authenticated attacker could exploit this vulnerability to conduct a DoS attack against a Zoom meeting. This vulnerability affects the Zoom Desktop Clients across the Windows, macOS, and Linux platforms.
The second vulnerability, tracked as CVE-2023-39208 with a CVSS score of 6.5, is an improper input validation issue that affects the Zoom Desktop Client for Linux. An unauthenticated attacker could exploit this vulnerability to conduct a DoS attack against the Zoom client. The Zoom Desktop Client for Linux prior to version 5.15.10 seems to have an improper input validation issue.
The third vulnerability, tracked as CVE-2023-39201 with a CVSS score of 7.2, is an untrusted search path issue that affects CleanZoom, a tool that is used to remove Zoom recordings from a user’s system. A privileged user could exploit this vulnerability to escalate their privileges on the system.
Zoom has released patches for all these vulnerabilities. Users are advised to update their Zoom software as soon as possible to protect themselves from these attacks. Follow the steps below to stay protected.
- Keep the Zoom client updated to the latest version.
- Be vigilant while opening links and attachments from untrusted sources.
- Use a strong password for your Zoom account.
- Enable MFA for your Zoom account.
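The first step above is the one that actually closes these issues, and in a fleet it is worth checking rather than assuming. The following Python script is an added example, not code from Zoom or from the advisory: it compares installed Zoom Desktop Client for Linux versions against the only fixed version the advisory states, 5.15.10 for CVE-2023-39208, and lists the hosts that still need the update. The host inventory is constructed sample data, and the idea that you would collect version strings from an endpoint agent or a package query is an assumption; the comparison itself is general and tolerates build suffixes such as "5.15.10 (4192)".

```python
"""Check Zoom Desktop Client for Linux versions against the fixed release.

Added example, not from the advisory. The only fixed version the advisory
states is 5.15.10 for the Linux client (CVE-2023-39208); the host inventory
below is constructed sample data.
"""
import re

# Fixed version stated in the advisory for the Linux client.
FIXED_LINUX_VERSION = "5.15.10"


def parse_version(text):
    """Return the leading dotted numeric part of a version string as a tuple.

    Accepts forms such as "5.15.10", "5.15.10 (4192)" or "5.15.10.4192";
    only the first three numeric components are compared, so build numbers
    do not affect the result.
    """
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    # Pad to three components so "5.9" compares as (5, 9, 0).
    return (parts + (0, 0, 0))[:3]


def needs_update(installed, fixed=FIXED_LINUX_VERSION):
    """True when the installed client is older than the fixed release."""
    return parse_version(installed) < parse_version(fixed)


def find_outdated(inventory, fixed=FIXED_LINUX_VERSION):
    """Return hostnames whose Zoom Linux client is below the fixed version.

    inventory: mapping of hostname -> version string, as you might collect
    from an endpoint agent or a package query (assumed data source).
    """
    return sorted(h for h, v in inventory.items() if needs_update(v, fixed))


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = {
    "lnx-ws-01": "5.15.5 (5976)",
    "lnx-ws-02": "5.15.10 (4192)",
    "lnx-ws-03": "5.16.2",
    "lnx-ws-04": "5.9",
}

if __name__ == "__main__":
    for host in find_outdated(SAMPLE_INVENTORY):
        print(f"{host}: Zoom {SAMPLE_INVENTORY[host]} is below "
              f"{FIXED_LINUX_VERSION}, update required")
```

Because the advisory gives no fixed version for the Windows, macOS, or Android clients or for CleanZoom, the script only encodes the Linux number; pass a different `fixed` value once the vendor release notes for the other platforms are confirmed.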