Zoom privilege escalation vulnerability via incorrect authorization

Zoom issued an urgent security advisory regarding a flaw in the Zoom client that could allow a user to gain elevated privileges and access for which they are not authorized.

Zoom clients and user roles

The Zoom web client is what users use to access a meeting.

Improper authorization in a Zoom client is a security flaw that allows users to access functionality or data for which they are not authorized based on assigned user privilege levels.

There are three levels of access called user roles in Zoom. User roles define whether a user has the necessary privileges to perform specific actions or access various data resources.

The three levels are:

Owner: The highest privilege level, with access to everything.

Administrator: Can add, remove, or edit users and manage account features.

Members: The lowest user role. Can only manage their own profile settings.

Zoom clients: Incorrect authorization

Zoom’s security alert warned that users can escalate their user role privileges.

According to the security notice:

“Improper authorization in some Zoom clients may allow an authorized user to perform privilege escalation via network access.”

This vulnerability is mitigated to some extent because a user must first be authorized on the network before they can proceed to escalating their user privileges. This may be why the security issue has been assigned a medium severity score of 5.5/10.

List of affected Zoom clients

Zoom Desktop Client for Windows before version 5.16.0
Zoom Desktop Client for macOS before version 5.16.0
Zoom Mobile App for iOS before version 5.16.0
Zoom Mobile App for Android before version 5.16.0
Zoom Desktop Client for Linux before version 5.16.0
Zoom Rooms Client for Windows before version 5.16.0
Zoom Rooms Client for macOS before version 5.16.0
Zoom Rooms Client for Android before version 5.16.0
Zoom Rooms Client for iPad before version 5.16.0
Zoom VDI Client before version 5.16.0 (except 5.14.13 and 5.15.11)
Zoom Meeting SDK for Windows before version 5.16.0
Zoom Meeting SDK for iOS before version 5.16.0
Zoom Meeting SDK for Android before version 5.16.0
Zoom Meeting SDK for macOS before version 5.16.0
Zoom Meeting SDK for Linux before version 5.16.0
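A check of a software inventory against the affected list above, as an added example (not code from Zoom or from the original article). It compares versions numerically, so 5.9.x correctly sorts before 5.16.0, and it honors the two exempted VDI releases. The row format, family names, hostnames and build suffixes are assumptions made for the example.

```python
import re

FIXED = (5, 16, 0)                        # first fixed release in the list above
VDI_PATCHED = {(5, 14, 13), (5, 15, 11)}  # VDI releases the list exempts
AFFECTED = {                              # product family -> platforms listed
    "Desktop Client": {"Windows", "macOS", "Linux"},
    "Mobile App": {"iOS", "Android"},
    "Rooms Client": {"Windows", "macOS", "Android", "iPad"},
    "VDI Client": {""},                   # listed without a platform
    "Meeting SDK": {"Windows", "iOS", "Android", "macOS", "Linux"},
}

def parse_version(text):
    """Return (major, minor, patch) from strings such as '5.15.11 (1234)'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in m.groups())

def needs_update(family, platform, version_text):
    """True if this install falls inside the affected range of the list."""
    platforms = AFFECTED.get(family)
    if platforms is None or (platform not in platforms and "" not in platforms):
        return False                      # product/platform not in the list
    version = parse_version(version_text)
    if family == "VDI Client" and version in VDI_PATCHED:
        return False
    return version < FIXED                # tuple compare, not string compare

def audit(inventory):
    """Return hosts to update; rows with unreadable versions are flagged too."""
    flagged = []
    for host, family, platform, version_text in inventory:
        try:
            if needs_update(family, platform, version_text):
                flagged.append(host)
        except ValueError:
            flagged.append(host)          # fail closed: review by hand
    return flagged

# Constructed sample inventory (hostnames and build suffixes are made up).
SAMPLE = [
    ("ws-01", "Desktop Client", "Windows", "5.9.3 (1911)"),
    ("ws-02", "Desktop Client", "macOS", "5.16.0 (22201)"),
    ("vdi-01", "VDI Client", "", "5.15.11"),
    ("vdi-02", "VDI Client", "", "5.15.10"),
    ("ph-01", "Mobile App", "Android", "unknown"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```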

Please update your Zoom client immediately

Users are encouraged to update their Zoom clients.

Zoom recommends:

“Users can help stay secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.”

Read Zoom’s security bulletin:

Zoom clients: Incorrect authorization

About the Author: Ted Simmons

I follow and report the current news trends on Google news.
