12/28/2023

Deleted keybase app kept chat images

Zoom VDI for Windows clients before 5.13.1

CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Description: The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.

Zoom Rooms for Windows clients before version 5.13.3.
Zoom for Windows clients before version 5.13.3.

Updating Microsoft Edge WebView2 Runtime to at least version 1.0 and restarting Zoom remediates this vulnerability by updating Microsoft’s telemetry behavior. Updating Zoom remediates this vulnerability by disabling the feature. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients transmitted text to Microsoft’s online Spellcheck service instead of the local Windows Spellcheck.

Source: Reported by Zoom Offensive Security Team

CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Description: Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability.

Zoom VDI Windows Meeting clients before version 5.13.10.
Zoom Rooms (for Linux, macOS, and Windows) clients before version 5.13.5.
Zoom (for Linux, macOS, and Windows) clients before version 5.13.5.

*Changes - Removed Android and iOS from the “Affected Products” section

Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from.
This could result in an attacker gaining access to a user's device and data, and remote code execution. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables.

Source: Reported by Zoom Offensive Security Team.

CVSS Vector String: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Description: Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability.

Zoom Meeting SDK for Windows version 5.15.1 only.
Zoom Meeting SDK for macOS version 5.15.0 only.
Zoom Meeting SDK for iOS version 5.15.0 only.
Zoom Meeting SDK for Android version 5.15.0 only.
Zoom Phone Appliance version 5.15.0 only.
Zoom Rooms for iPad version 5.15.0 only.
Zoom Rooms for macOS version 5.15.0 only.
Zoom Rooms for Windows version 5.15.0 only.
Zoom Mobile App for Android version 5.15.0 only.
Zoom Mobile App for iOS version 5.15.0 only.
Zoom Desktop Client for Linux version 5.15.0 only.
Zoom Desktop Client for macOS version 5.15.0 only.
Zoom Desktop Client for Windows 5.15.0 and 5.15.1.

Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from, and avoid using the in-meeting chat while on the affected versions. In the affected products, a copy of each in-meeting chat message was also sent encrypted only using TLS and not with the per-meeting key, including messages sent during End-to-End Encrypted (E2EE) meetings. Zoom encrypts in-meeting chat messages using a per-meeting key and then transmits these encrypted messages between user devices and Zoom using TLS encryption.
CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Description: Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.