Zoom Addressed Seven Vulnerabilities Across Windows, iOS, and Android, Including One Critical (CVE-2024-24691)

Zoom, the well-known video conferencing platform, patched 7 security vulnerabilities in a recent update. These vulnerabilities range in severity from medium to critical, and they affect a variety of systems: Windows, iOS, and Android.

Details of the Critical Zoom Vulnerability, CVE-2024-24691

The most serious vulnerability in the update is identified as CVE-2024-24691, which has a critical CVSS score of 9.6. It is the result of an improper input validation. According to Zoom, CVE-2024-24691 can enable an unauthenticated threat actor to escalate privileges via network access.

Vulnerability card of CVE-2024-24691 (SOCRadar Vulnerability Intelligence)

The critical vulnerability affects the following Zoom products and versions:

Zoom Desktop Client for Windows before version 5.16.5
Zoom VDI Client for Windows before version 5.16.10 (excluding 5.14.14 and 5.15.12)
Zoom Meeting SDK for Windows before version 5.16.5
Zoom Rooms Client for Windows before version 5.17.0

The other recent vulnerabilities addressed by Zoom are all of medium severity and are identified as follows:

CVE-2024-24697 (CVSS: 7.2) – Untrusted Search Path Vulnerability
CVE-2024-24695 (CVSS: 6.8) – Improper Input Validation Vulnerability
CVE-2024-24696 (CVSS: 6.8) – Improper Input Validation Vulnerability
CVE-2024-24699 (CVSS: 6.5) – Business Logic Error
CVE-2024-24690 (CVSS: 5.4) – Improper Input Validation Vulnerability
CVE-2024-24698 (CVSS: 4.9) – Improper Authentication Vulnerability

The most severe of these medium-severity vulnerabilities, CVE-2024-24697, entails an untrusted search path in certain Zoom 32-bit Windows clients. Zoom states that the vulnerability can allow an authenticated user to escalate privileges via local access.

After successfully exploiting these vulnerabilities, attackers may be able to disrupt meetings and steal sensitive information. Individuals and organizations utilize the video conferencing platform all across the world, thus the effects of these vulnerabilities might spread quickly if attackers target them.

Leverage SOCRadar’s Vulnerability Intelligence to stay informed about hacker trends and gain access to detailed information on identified vulnerabilities. Additionally, through the module, you can easily view if any exploits have been detected for a specific vulnerability.

SOCRadar Vulnerability Intelligence

Apply Zoom Updates to Prevent Exploitation

Implementing the most recent Zoom updates is vital for preventing the exploitation of the critical CVE-2024-24691 vulnerability, and others. You can check for updates directly in the Zoom client, or visit the Zoom Download Center.

SOCRadar’s extensive vulnerability monitoring allows you to stay one step ahead in securing your organization’s assets and components. The Attack Surface Management (ASM) module gives essential insights into the vulnerabilities that affect your assets, allowing you to properly prioritize patching operations.