The latest list of Zoom vulnerabilities is out, several of which have high severity rating. Patches were issued for six vulnerabilities.
These vulnerabilities affect almost all Windows clients while two were spotted in MacOS platform. Their severity varies and has the potential to be exploited by attackers to gain unauthorized access, escalate privileges, or compromise data integrity.
Zoom Vulnerabilities: High severity
CVE-2023-34113 (CVSS 8) Insufficient Verification of Data Authenticity: Rated as high-risk, this vulnerability affects Zoom for Windows clients before version 5.14.0.
It involves insufficient verification of data authenticity, enabling an authenticated user with network access to potentially escalate privileges. By exploiting this vulnerability, attackers can manipulate data, posing a significant threat to system integrity.
CVE-2023-34114 (CVSS 8.3) Exposure of Resource to Wrong Sphere: This high-severity vulnerability affects Zoom for Windows and Zoom for MacOS clients prior to versions 5.14.10 and 5.14.0, respectively.
An authenticated user with network access can potentially exploit this flaw to enable information disclosure. The vulnerability arises from the exposure of resources to the wrong sphere, which can result in unauthorized access to sensitive information.
CVE-2023-28603 (CVSS 7.7) Improper Access Control in Zoom VDI Client Installer: The Zoom VDI client installer prior to version 5.14.0 contains a high-severity vulnerability.
Exploiting this flaw, a malicious user may potentially delete local files without proper permissions. This vulnerability compromises the system’s integrity and emphasizes the need for strong access controls.
Zoom Vulnerabilities: Medium severity
CVE-2023-28600 (CVSS 6.6) – Improper Access Control in Zoom Clients: Rated as a medium-severity vulnerability, this flaw affects Zoom for MacOS clients prior to version 5.14.0.
It involves improper access control, potentially allowing a malicious user to delete or replace Zoom Client files. Exploiting this vulnerability can result in a loss of integrity and availability of the Zoom Client.
Zoom vulnerabilities: Lower severity
CVE-2023-28601 (CVSS 8.3) – Improper Restriction of Operations within the Bounds of a Memory Buffer in Zoom Clients: This low-severity vulnerability affects Zoom for Windows clients prior to version 5.14.0.
It involves an improper restriction of operations within the bounds of a memory buffer, potentially leading to integrity issues within the Zoom Client. While the severity is lower, it still poses a risk to the affected systems.
CVE-2023-28602 (CVSS 2.8) – Improper Verification of Cryptographic Signature in Zoom Clients: Also rated as low severity, this vulnerability affects Zoom for Windows clients before version 5.13.5.
It relates to improper verification of cryptographic signatures, enabling a potential downgrade of Zoom Client components by malicious users. Although the severity is relatively low, it highlights the importance of maintaining the integrity of cryptographic operations.
Zoom has acknowledged these vulnerabilities and has developed and released patches and updates to address them. Users are strongly advised to update their Zoom software to the latest versions to protect themselves against potential exploitation.
Zoom vulnerabilities and previous exploits
Since its popularity spiked after the pandemic and the global lockdown, Zoom has been in the cybersecurity news for threat actors exploiting its vulnerabilities.
Researchers at Cyble Research & Intelligence Labs (CRIL) recently found instances of a malware campaign targeting Zoom users, where the threat actor uses a modified version of the Zoom app to deploy a phishing attack to deliver the IcedID malware.
Threat actors were found distributing Bumblebee malware through trojanized installers via popular business connection software including Zoom, Cisco AnyConnect, and Citrix Workspace.
Popularity of Zoom in business communication has prompted scamsters launch duplication campaigns too.
The Cyber Express recently reported about numerous fraudulent websites attempting to impersonate Zoom to infect the victims’ devices with malware.
In this case, the Zoom homepage was mimicked by a new campaign, which uses identical designs, user experience, and buttons to entice people to download the app.
The Vidar Stealer malware is downloaded to the system whenever the user installs the software package that was supposed to be the Zoom app, and as soon as it is opened, it immediately begins to spread across the system.
