Multiple Zoom Client Vulnerabilities Expose Sensitive Data

Recent security disclosures reveal multiple high-severity vulnerabilities in Zoom’s client software, exposing millions of users to potential data breaches, privilege escalation, and unauthorized access. These vulnerabilities affect Zoom’s desktop, mobile, and Workplace applications, enabling authenticated attackers to execute arbitrary code, corrupt memory, or bypass security protocols via network access. One flaw occurs when Zoom Apps write excess data to a memory buffer, overwriting adjacent memory regions. For instance, a crafted network packet could trigger a heap overflow, allowing privilege escalation from standard user to administrator-level access. In another case, attackers could manipulate freed memory to execute code, compromise meeting encryption keys, or access user credentials. Organizations must treat Zoom not as a neutral utility but as a high-risk vector requiring stringent controls, a lesson underscored by its 2020 “Zoom-bombing” crisis and ongoing encryption limitations.

This article was published on cybersecuritynews.com. Publication date: Thu, 13 Mar 2025 02:00:17 +0000


Cyber News related to Multiple Zoom Client Vulnerabilities Expose Sensitive Data

How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 year ago Aws.amazon.com
Zoom flaw enabled hijacking of accounts with access to meetings, team chat - A Zoom flaw that enabled the hijacking of service accounts with access to potentially confidential information was disclosed by bug hunters this week. The vulnerability in the Zoom Rooms feature mostly affected Zoom tenants using email addresses from ...
2 years ago Packetstormsecurity.com Rocke Hunters
CVE-2021-34423 - A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for ...
3 years ago
CVE-2021-34424 - A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune ...
3 years ago
Zoom Mobile & Desktop App Flaw Let Attackers Escalate Privileges - The popular video conferencing software Zoom has security issues with its desktop and mobile apps that could allow for privilege escalation. An attacker may be able to obtain elevated privileges within the application or the operating system by ...
2 years ago Cybersecuritynews.com CVE-2023-43583 CVE-2023-43585 CVE-2023-43586 CVE-2023-36540 CVE-2023-36541 CVE-2023-36534 CVE-2023-39216 CVE-2023-39213
Global Zoom Outage Caused by Server Block Imposed from GoDaddy Registry - The disruption, which began at 11:25 AM PDT and was resolved by 1:12 PM PDT, was traced not to a cyberattack or internal technical failure, but to a server block imposed by GoDaddy Registry, the manager of the .us top-level domain, after a ...
8 months ago Cybersecuritynews.com
Zoom stomps critical privilege escalation bug, 6 other flaws The Register - Video conferencing giant Zoom today opened up about a fresh batch of security vulnerabilities affecting its products, including a ...
1 year ago Go.theregister.com CVE-2024-24691 CVE-2024-24690 CVE-2024-24695 CVE-2024-24696 CVE-2024-24697 CVE-2024-24698 CVE-2024-24699
Zoom Launches AI Companion, Available at No Additional Cost - Zoom has pledged to provide artificial intelligence functions on its video-conferencing platform at no additional cost to paid clients. The tech firm believes that including these extra features as part of its paid platform service will provide a ...
2 years ago Cysecurity.news
Weekly Vulnerability Recap 2/19/2024: News from Microsoft, Zoom, SolarWinds - While this week was a little light on vulnerability news, it's still been significant, with Microsoft's Patch Tuesday happening as well as updates for major products, like Zoom. Akira ransomware vulnerabilities have also surfaced in older Cisco ...
1 year ago Esecurityplanet.com CVE-2024-21412 CVE-2020-3259 Akira
Zoom Workplace Apps Vulnerability Let Attackers Inject Malicious Script - The vulnerabilities, detailed in Zoom Security Bulletin ZSB-25013, affect a wide range of Zoom Workplace applications, including desktop apps for Windows, macOS, and Linux and mobile apps for iOS and Android. Multiple null pointer dereference ...
9 months ago Cybersecuritynews.com CVE-2025-30670
Hackers abuse Zoom remote control feature for crypto-theft attacks - A hacking group dubbed 'Elusive Comet' targets cryptocurrency users in social engineering attacks that exploit Zoom's remote control feature to trick users into granting them access to their machines. "For organizations handling particularly ...
8 months ago Bleepingcomputer.com
Zoom Clients for Windows Vulnerability Exposes Users to DoS Attacks - Recently, two vulnerabilities have been discovered in specific Zoom Clients for Windows, which could enable attackers to launch Denial of Service (DoS) attacks. The vulnerabilities impact multiple Zoom products for Windows, with slight variations in ...
6 months ago Cybersecuritynews.com CVE-2025-49464
Zoom Team Chat Decrypted to Uncover User Activities - As remote work continues to be standard practice, understanding the security architecture of communication platforms like Zoom becomes increasingly crucial for maintaining organizational data protection. Zoom Team Chat employs a sophisticated ...
9 months ago Cybersecuritynews.com
Zoom Security Vulnerabilities: What You Need to Know - Zoom, a leading video conferencing platform, has faced multiple security vulnerabilities that have raised concerns among users and cybersecurity experts alike. These vulnerabilities range from unauthorized access issues to data leakage risks, ...
2 months ago Cybersecuritynews.com CVE-2020-6109 CVE-2020-6110 CVE-2021-34423
Penetration Testing for Sensitive Data Exposure in Enterprise Networks: Everything You Need to Know! - The amount of data enterprises store is much bigger than SMBs. A lot of this data includes sensitive information of customers and clients such as bank details, social security numbers, emails, contact numbers, etc. For those new to data security, ...
2 years ago Securityboulevard.com
CVE-2022-28762 - Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain ...
3 years ago
Building a Sustainable Data Ecosystem - Finally, I outline future research and policy refinement directions, advocating for a collaborative and responsible approach to building a sustainable data ecosystem in generative AI. In recent years, generative AI has emerged as a transformative ...
1 year ago Feeds.dzone.com
Customer compliance and security during the post-quantum cryptographic migration | AWS Security Blog - For example, using the s2n-tls client built with AWS-LC (which supports the quantum-resistant KEMs), you could try connecting to a Secrets Manager endpoint by using a post-quantum TLS policy (for example, PQ-TLS-1-2-2023-12-15) and observe the PQ ...
1 year ago Aws.amazon.com
CVE-2023-22880 - Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 ...
2 years ago
Data Loss Prevention for Business: Strategies and Tools - Data Loss Prevention has become crucial in today's data-driven business landscape to protect sensitive information. This discussion aims to provide valuable insights into DLP strategies and tools for business, helping mitigate data loss risks ...
1 year ago Securityzap.com
Data thieves abuse Microsoft's 'verified publisher' status The Register - Miscreants using malicious OAuth applications abused Microsoft's "Verified publisher" status to gain access to organizations' cloud environments, then steal data and pry into users' mailboxes, calendars, and meetings. According to researchers with ...
2 years ago Packetstormsecurity.com Lazarus Group
Aim for a modern data security approach - Risk, compliance, governance, and security professionals are finally realizing the importance of subjecting sensitive workloads to robust data governance and protection the moment the data begins traversing the data pipeline. Why current data ...
2 years ago Helpnetsecurity.com
CVE-2022-22785 - The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a more sophisticated attack to send an unsuspecting ...
3 years ago
CVE-2022-22788 - The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom ...
3 years ago