"Zoom Patches High Risk Flaws on Windows, MacOS Platforms"

Video messaging giant Zoom recently released patches for multiple security vulnerabilities that expose Windows and macOS users to malicious cyberattacks. The vulnerabilities in the enterprise-facing Zoom Rooms product could be exploited in privilege escalation attacks on both Windows and macOS platforms. The company’s first batch of patches for 2023 includes fixes for a trio of “high-severity” vulnerabilities in Zoom Rooms for Windows Installers, Zoom Rooms for Windows Clients, and Zoom Rooms for macOS Clients.

The first flaw fixed (CVE-2022-36930) is a Local Privilege Escalation flaw in Zoom Rooms for Windows Installers (CVSS 8.2/10). Zoom Rooms for Windows installers before version 5.13.0 contain the local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user.

CVE-2022-36929, a Local Privilege Escalation flaw in Zoom Rooms for Windows Clients (CVSS 7.8/10), was also fixed. Zoom Rooms for Windows clients before version 5.12.7 contain this local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user.

The last flaw fixed (CVE-2022-36927) is a Local Privilege Escalation flaw in Zoom Rooms for macOS Clients (CVSS 8.8/10). Zoom Rooms for macOS clients before version 5.11.3 contain this local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.

Zoom also released fixes for a pair of medium-severity bugs in Zoom Rooms for macOS clients before version 5.11.4, warning that the affected versions contain an insecure key generation mechanism. Zoom also fixed a path traversal vulnerability in Zoom for Android Clients, warning that a third-party app could exploit this vulnerability to read and write to the Zoom application data directory.

 

SecurityWeek reports: "Zoom Patches High Risk Flaws on Windows, MacOS Platforms"

Submitted by Anonymous on