Summary:
Zoom, a popular video messaging platform, has recently addressed seven vulnerabilities across its desktop and mobile applications, including critical flaws affecting its Windows software. Among these, CVE-2024-24691 stands out as a critical issue characterized by improper input validation, potentially allowing unauthorized users to escalate privileges via network access.[/subscribe_to_unlock_form]
Summary:
Zoom, a popular video messaging platform, has recently addressed seven vulnerabilities across its desktop and mobile applications, including critical flaws affecting its Windows software. Among these, CVE-2024-24691 stands out as a critical issue characterized by improper input validation, potentially allowing unauthorized users to escalate privileges via network access.[emaillocker id="1283"]
Additionally, CVE-2024-24697 are high-severity escalation of privilege vulnerabilities impacting various Windows clients, potentially exploitable locally without authentication. These vulnerabilities affect several Zoom products, including Desktop Client, VDI Client, Meeting SDK, and Rooms Client, across different versions. While there is no indication of active exploitation, users are strongly advised to update their applications to the latest available versions promptly to mitigate these security risks.
Recommendations:
References:
The following reports contain further technical details:
https://securityaffairs.com/159121/security/zoom-crirical-cve-2024-24691.html
[/emaillocker]