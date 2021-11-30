



Security researchers at Google Project Zero have discovered two vulnerabilities in video conference software Zoom that expose users to attacks. These vulnerabilities affect the Zoom Client for Meetings on Windows, macOS, Linux, iOS, and Android.

The issues in the Zoom video conference software were discovered by Google Project Zero researcher Natalie Silvanovich. The first flaw, tracked as CVE-2021-34423, is a severe buffer overflow vulnerability that received a CVSS base score of 7.3.

“A buffer overflow vulnerability was discovered in the products listed in the ‘Affected Products’ section of this bulletin. This could allow a malicious attacker to crash a service or application or exploit this vulnerability to execute arbitrary code,” reads the security advisory published by Zoom.

The second vulnerability that the company addressed was a memory corruption issue that was tracked as CVE-2021-34424 and received a CVSS base score of 7.3.

“A vulnerability has been discovered in the products listed in the ‘Affected Products’ section of this bulletin. This can reveal the state of process memory. This issue can be used, as it may give insight into any area of product memory,” reads the advisory.

The following is a list of affected Zoom products.

- Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) prior to version 5.8.4
- Zoom Client for Meetings for Blackberry (for Android and iOS) prior to version 5.8.1
- Version 5.8.1 and earlier in Zoom Client for Meetings for Tune (for Android and iOS) Version 5.8.4
- Zoom Client for Meetings for Chrome OS prior to version 5.8.1
- Zoom Room for Meetings (for Android, AndroidBali, macOS, and Windows) prior to version 5.8.3
- Zoom Room Controllers (for Android, iOS, and Windows) prior to version 5.8.3
- Zoom VDI for version 5.8.4
- Zoom Meeting SDK for Android before version 5.7.6.1922
- Zoom Meeting SDK for iOS before version 5.7.6.1082
- Zoom Meeting SDK for macOS before version 5.7.6.1340
- Zoom Meeting SDK for Windows before version 5.7.6.1081
- Zoom Video SDK (for Android, iOS, macOS, and Windows) version 1.1.2 and earlier
- Zoom On-Premises Meeting Connector Controller version 4.8.12.20211115 and earlier
- Zoom On-Premises Meeting Connector prior to version 4.8.12.20211115
- Zoom On-Premises Recording Connector prior to MMR version 5.1.0.65.20211116
- Zoom On-Premises Virtual Room Connector (before version 4.4.7266.20211117)
- Zoom On-Premises Virtual Room Connector Load Balancer (before version 2.5.5692.20211117)
- Zoom Hybrid Zproxy (before version 1.0.1058.20211116)
- Zoom Hybrid MMR (before version 4.6.20211116.131_x86-64)
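A fleet-inventory check against some of the thresholds listed above, as an added example that is not from the original article or from Zoom. It encodes only the Zoom Client for Meetings and Meeting SDK entries; the product keys, host names and inventory rows are constructed for illustration.

```python
import re

# "Before version" thresholds from the list above; product keys are hypothetical labels.
FIXED_IN = {
    "zoom-client-meetings": "5.8.4",
    "meeting-sdk-android": "5.7.6.1922",
    "meeting-sdk-ios": "5.7.6.1082",
    "meeting-sdk-macos": "5.7.6.1340",
    "meeting-sdk-windows": "5.7.6.1081",
}

def parse_version(text):
    """Parse the leading dotted-numeric part, e.g. '5.8.3 (1581)' -> (5, 8, 3)."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def is_affected(product, installed):
    """True if installed predates the fixed build; None if the product is not tracked."""
    fixed = FIXED_IN.get(product)
    if fixed is None:
        return None
    # Compare integer tuples, not strings: as text, '5.10.0' sorts before '5.8.4'.
    return parse_version(installed) < parse_version(fixed)

def triage(inventory):
    """Label each (host, product, version) row without aborting on bad data."""
    report = []
    for host, product, version in inventory:
        try:
            hit = is_affected(product, version)
            status = "untracked" if hit is None else "affected" if hit else "ok"
        except ValueError:
            status = "unparseable"
        report.append((host, product, version, status))
    return report

# Constructed sample inventory (host names and build decoration are made up).
SAMPLE = [
    ("host-a", "zoom-client-meetings", "5.8.3 (1581)"),
    ("host-b", "zoom-client-meetings", "5.10.0"),
    ("host-c", "meeting-sdk-windows", "5.7.6.1080"),
    ("host-d", "zoom-client-meetings", "not installed"),
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Rows reported as "unparseable" or "untracked" need manual review rather than being treated as patched.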

Pierluigi Paganini

