Zoom App Flaws: A Golden Ticket for Attacker Privilege Escalation

December 14, 2023

Zoom, the popular video conferencing software, has disclosed security issues in its desktop and mobile apps. The identified flaws could allow attackers to attempt privilege escalation, gaining unauthorized access to higher rights, permissions, or entitlements. Misconfiguration or inadequate access controls could make such an escalation possible.

Key vulnerabilities include:

  • CVE-2023-43583 – Cryptographic Issues: This medium-severity vulnerability affects Zoom SDKs for Android and iOS and the Zoom Mobile App for Android and iOS, possibly allowing a privileged user to disclose confidential information through network access.
  • CVE-2023-43585 – Improper Access Control: This high-severity flaw could allow authenticated users to disclose information through network access on the Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5.
  • CVE-2023-43586 – Path Traversal: This high-severity bug gives authorized users the ability to carry out an escalation of privilege via network access in various versions of the Zoom Desktop Client and VDI Client for Windows, and Zoom SDKs for Windows.
  • Several other high-severity bugs involving path traversal, untrusted search paths, insufficient verification of data authenticity, improper input validation, and improper neutralization of special elements have also been identified.

These vulnerabilities, particularly those of critical severity, could lead to significant breaches if exploited by unauthorized users who could then escalate privileges via network access. Users are urged to update their software to the most recent available versions so that all security fixes are applied and their devices are safeguarded.

These issues underline the need for continual evaluation and tightening of security measures on widely used platforms like Zoom. The company has been urged to act proactively to identify potential flaws and to regularly update its apps to minimize risks of cyber attacks.

Security consultants recommend keeping all apps and devices updated to the latest versions and maintaining robust security practices, such as using secure connections and enforcing strong authentication mechanisms to mitigate such risks.
