Security researchers from Google Project Zero discovered two vulnerabilities in the video conferencing software Zoom that expose users to attacks. The vulnerabilities impact Zoom Client for Meetings on Windows, macOS, Linux, iOS, and Android.
The issues in the video conferencing software Zoom were discovered by Google Project Zero researcher Natalie Silvanovich. The first flaw, tracked as CVE-2021-34423, is a high-severity buffer overflow vulnerability that received a CVSS base score of 7.3.
“A buffer overflow vulnerability was discovered in the products listed in the “Affected Products” section of this bulletin. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code.” reads the security advisory published by Zoom.
The second vulnerability addressed by the company is a memory corruption issue, tracked as CVE-2021-34424, that received a CVSS base score of 7.3.
“A vulnerability was discovered in the products listed in the “Affected Products” section of this bulletin which potentially allowed for the exposure of the state of process memory. This issue could be used to potentially gain insight into arbitrary areas of the product’s memory.” reads the advisory.
Below is the list of affected Zoom products:
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, video conferencing software Zoom)
[adrotate banner=”5″]
[adrotate banner=”13″]
Law enforcement operation codenamed 'Operation RapTor' led to the arrest of 270 dark web vendors…
A Chinese threat actor, tracked as UAT-6382, exploited a patched Trimble Cityworks flaw to deploy…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Samsung MagicINFO 9 Server vulnerability to its…
Signal implements new screen security on Windows 11, blocking screenshots by default to protect user…
Microsoft found 394,000 Windows systems talking to Lumma stealer controllers, a victim pool that included…
CISA warns Russia-linked group APT28 is targeting Western logistics and tech firms aiding Ukraine, posing…
This website uses cookies.