According to Security Affairs, Google Project Zero security researchers recently discovered two important vulnerabilities in the video conferencing software Zoom that may expose users to attack.
These two vulnerabilities affect the Windows, macOS, Linux, iOS and Android platforms, which means that almost all users are exposed to them.
The first vulnerability is CVE-2021-34423, a high-severity buffer overflow vulnerability with a CVSS base score of 7.3. The second is CVE-2021-34424, a high-severity memory corruption vulnerability, also with a CVSS base score of 7.3.
Google has already reported both vulnerabilities to Zoom. The security announcement released by Zoom acknowledges the two vulnerabilities and states that "some products have been found to have a buffer overflow vulnerability and a memory corruption vulnerability, which may make the application or service crash, and attackers can use these vulnerabilities to execute arbitrary code or expose the content status of the process, etc."
The following is a list of affected Zoom products:
Zoom Client for Meetings before version 5.8.4 (for Android, iOS, Linux, macOS, and Windows)
Zoom Client for Meetings for BlackBerry before version 5.8.1 (for Android and iOS)
Zoom Client for Meetings for Intune before version 5.8.4 (for Android and iOS)
Zoom Client for Meetings for Chrome OS before version 5.0.1
Zoom Rooms for Conference Room before version 5.8.3 (for Android, AndroidBali, macOS, and Windows)
Zoom Rooms Controller before version 5.8.3 (for Android, iOS, and Windows)
It is worth mentioning that on November 29th, Zoom announced an automatic update feature to simplify the update process for the desktop client. Mobile devices can only be updated through the built-in automatic update of their respective app stores.
Zoom's Privacy & Safety Technology Product Manager said "For personal users "
In addition, Zoom users can also select the update frequency: if high-frequency updates are selected, the latest software and features are installed immediately; if low-frequency updates are selected, the number of updates is reduced, with more focus on maximizing stability.
Although the platform had previously offered automatic updates to enterprise users, this update "expands the target audience to all personal users including non-corporate organization members."