Zoom Mobile & Desktop App Flaw Let Attackers Escalate Privileges

The popular video conferencing software Zoom has security issues with its desktop and mobile apps that could allow for privilege escalation.
An attacker may be able to obtain elevated privileges within the application or the operating system by exploiting this vulnerability.
A privilege escalation attack is an attempt to obtain unauthorized access to higher rights, permissions, privileges, or entitlements than those allocated to a particular account, user, or device.
This can occur as a result of a system flaw, misconfiguration, or inadequate access controls.
The first, tracked as CVE-2023-43583, involves cryptographic issues and is rated medium severity with a CVSS score of 4.9.
CVE-2023-43585 is a high-severity flaw with a CVSS score of 7.1: improper access control in the Zoom Mobile App for iOS and Zoom SDKs for iOS may allow an authenticated user to disclose information via network access.
CVE-2023-43586, rated High with a CVSS score of 7.3, is a path traversal issue in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows that may allow an authorized user to escalate privileges via network access.
CVE-2023-36540, rated High with a CVSS score of 7.3: an untrusted search path in the installer of Zoom Desktop Client for Windows before version 5.14.5 may have allowed an authenticated user to escalate privileges via local access.
CVE-2023-36541, rated High with a CVSS score of 8: insufficient verification of data authenticity in Zoom Desktop Client for Windows before version 5.14.5 could have allowed an authenticated user to escalate privileges via network access.
CVE-2023-36534, rated Critical with a CVSS score of 9.3: path traversal in Zoom Desktop Client for Windows before version 5.14.7 could have allowed an unauthorized user to escalate privileges via network access.
CVE-2023-39216, rated Critical with a CVSS score of 9.6: improper input validation in Zoom Desktop Client for Windows before version 5.14.7 could have allowed an unauthorized user to escalate privileges via network access.
CVE-2023-39213, rated Critical with a CVSS score of 9.6: improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to escalate privileges via network access.
Users are urged to stay protected by installing the latest updates or downloading the most recent version of the Zoom software, which includes all current security fixes.
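For defenders checking their fleet against the Windows Desktop Client fixes listed above, the following is an added example (not code from the article or from Zoom): it compares an installed client version against the fixed versions the article states and reports which of those CVEs still apply. Only the four CVEs for which the article gives a fixed version are included; the remaining CVEs require the vendor bulletin for their fixed versions. The sample versions at the bottom are constructed.

```python
# Added example: map an installed Zoom Desktop Client for Windows version to the
# CVEs from the article whose fix version is newer than what is installed.
from typing import List, Tuple

# (CVE id, first fixed version, CVSS score) exactly as stated in the article.
# CVEs without a stated fixed version are deliberately not listed here.
FIXED_VERSIONS: List[Tuple[str, str, float]] = [
    ("CVE-2023-36540", "5.14.5", 7.3),
    ("CVE-2023-36541", "5.14.5", 8.0),
    ("CVE-2023-36534", "5.14.7", 9.3),
    ("CVE-2023-39216", "5.14.7", 9.6),
]

def parse_version(v: str) -> Tuple[int, ...]:
    """Split a dotted version into integers so that 5.14.10 sorts after 5.14.7
    (a plain string comparison gets this wrong). A trailing build number such
    as 5.14.7.1234 is kept and compared as a further component."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {v!r}")
    return tuple(int(p) for p in parts)

def is_older(installed: str, fixed: str) -> bool:
    """True when installed < fixed; shorter tuples are padded with zeros so
    5.14.7 and 5.14.7.0 compare equal."""
    a, b = parse_version(installed), parse_version(fixed)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))

def unpatched_cves(installed: str) -> List[str]:
    """CVE ids from the table whose fixed version is newer than the installed one."""
    return [cve for cve, fixed, _ in FIXED_VERSIONS if is_older(installed, fixed)]

def max_cvss(installed: str) -> float:
    """Highest CVSS score among the still-applicable CVEs, or 0.0 if none apply."""
    pending = set(unpatched_cves(installed))
    return max((score for cve, _, score in FIXED_VERSIONS if cve in pending), default=0.0)

if __name__ == "__main__":
    # Constructed sample versions; the installed version would normally come
    # from an inventory or from the client's own version information.
    for v in ("5.14.3", "5.14.5", "5.14.7.1000", "5.14.10"):
        print(f"{v}: unpatched={unpatched_cves(v)} max_cvss={max_cvss(v)}")
```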


This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 14 Dec 2023 13:55:25 +0000

