Cyber999 Advisories

Overview Contact Advisories Incident Statistics
Share this page :
20 August 2024     Advisory

MA-1128.082024: MyCERT Advisory - Security Updates - Zoom

1.0 Introduction
Recently, Zoom has released security updates to address the multiple vulnerabilities in its products.

2.0 Impact
A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege and sensitive information disclosure on the targeted system.

3.0 Affected Products

  • Zoom Workplace Desktop App for Linux before version 6.0.0
  • Zoom Workplace Desktop App for Windows before version 6.0.0
  • Zoom Workplace Desktop App for macOS before version 6.0.0
  • Zoom Workplace VDI Client for Windows before version 5.17.13
  • Zoom Workplace App for iOS before version 6.0.0
  • Zoom Workplace App for Android before version 6.0.0
  • Zoom Rooms App for Windows before version 6.0.0
  • Zoom Rooms App for Mac before version 6.0.0
  • Zoom Rooms App for iPad before version 6.0.0
  • Zoom Workplace App for iOS before version 6.0.10
  • Zoom Workplace Desktop App for Linux before version 6.0.10
  • Zoom Workplace Desktop App for Windows before version 6.0.10
  • Zoom Workplace Desktop App for macOS before version 6.0.10
  • Zoom Meeting SDK for Windows before version 6.0.10
  • Zoom Meeting SDK for iOS before version 6.0.10
  • Zoom Meeting SDK for Android before version 6.0.10
  • Zoom Meeting SDK for macOS before version 6.0.10
  • Zoom Meeting SDK for Linux before version 6.0.10

4.0 CVE Details

  • CVE-2024-39825 (High): Buffer Overflow – Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.
  • CVE-2024-39818 (High): Protection Mechanism Failure – Protection mechanism failure in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access.

5.0 Recommendations
Users and system administrators are encouraged to review the Zoom Security Bulletin and upgrade to the latest version.

Kindly refer to the URL for more information:

Generally, CyberSecurity Malaysia advises the users to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact us through the following channels:

E-mail: cyber999[at]cybersecurity.my 
Phone: 1-300-88-2999 (monitored during business hours) 
Mobile: +60 19 2665850 (24x7 call incident reporting) 
Business Hours: Mon - Fri 08:30 -17:30 MYT 
Web: https://www.mycert.org.my 

6.0 References

Search
Type
Archives
logo
CyberSecurity Malaysia is the national cyber security specialist agency under the purview of the Ministry of Digital (KD)
 
Select User Category
Contact Us

  • CyberSecurity Malaysia,
    Level 7 Tower 1, Menara Cyber Axis, Jalan Impact,
    63000 Cyberjaya, Selangor Darul Ehsan, Malaysia.

  • enquiry@cybersecurity.my

  • +603 - 8800 7999

  • +603 - 8008 7000

COPYRIGHT © CYBERSECURITY MALAYSIA

CONTACT US | DISCLAIMER | PERSONAL DATA PROTECTION NOTICE | SITEMAP

TOP
ASK Byte
Chatbot Portal

Hi, I am ASK Byte. Please submit your questions about the portal and I will try to get answers from online knowledge stores.

Hi, Saya Admin Chatbot. Saya sedia chat dengan anda secara terus. Bagaimana saya boleh membantu anda?

Click the button below to interact with the CSM chatbot

Proceed