Zoom Releases Security Updates

Security updates address four vulnerabilities, with one that could allow users to be spoofed and one that could allow arbitrary code execution

Threat ID:: CC-4100
Threat Severity:: Information only
Published:: 26 May 2022 4:39 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security updates address four vulnerabilities, with one that could allow users to be spoofed and one that could allow arbitrary code execution

Affected platforms

The following platforms are known to be affected:

Versions: All Version prior 5.10.0

Zoom

Threat details

Introduction

Zoom has released security updates addressing four vulnerabilities, two that are considered medium and two that are considered high impact. An attacker could compromise users over chat by sending a specially crafted Extensible Messaging and Presence Protocol (XMPP) message, execute arbitrary code, and take control of a system.

Remediation advice

Affected organisations are encouraged to review the following Zoom security advisory and apply any relevant updates.

Definitive source of threat updates

https://explore.zoom.us/en/trust/security/security-bulletin/

CVE Vulnerabilities

CVE-2022-22787

CVE-2022-22786

CVE-2022-22785

CVE-2022-22784

Last edited: 26 May 2022 5:01 pm