ZOOM Product Security Update Advisory (CVE-2024-39818, CVE-2024-39825)
Overview
An update has been released to address vulnerabilities in Zoom products. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-39818
- Zoom Workplace App 6.0.10 or below (iOS)
- Zoom Workplace Desktop 6.0.10 or below (Linux, Windows, macOS)
- Zoom Workplace VDI Client 5.17.13 or below (Windows)
- Zoom Meeting SDK 6.0.10 or below (Windows, iOS, Android, macOS, Linux)
CVE-2024-39825
- Zoom Workplace Desktop App 6.0.0 or below (Linux, Windows, macOS)
- Zoom Workplace VDI Client 5.17.13 or below (Windows)
- Zoom Workplace App 6.0.0 or below (iOS, Android)
- Zoom Rooms App 6.0.0 or below (Windows, Mac, iPad)
Resolved Vulnerabilities
A flaw in the protection mechanism in some Zoom Workplace apps and SDKs could allow authenticated users to disclose information via network access (CVE-2024-39818).
A buffer overflow in some Zoom Workplace apps and Rooms clients could allow authenticated users to escalate privileges via network access (CVE-2024-39825).
Vulnerability Patches
Patches for the following vulnerabilities are available in the latest update of each affected product. Follow the instructions on the Referenced Sites to update to the latest patched version.
CVE-2024-39818, CVE-2024-39825
- See Referenced Sites [3] to update
Referenced Sites
[1] Zoom Workplace Apps and SDKs – Protection Mechanism Failure
https://www.zoom.com/en/trust/security-bulletin/zsb-24025/
[2] Zoom Workplace Apps and Rooms Clients – Buffer Overflow
https://www.zoom.com/en/trust/security-bulletin/zsb-24022/
[3] Download Center
https://zoom.us/download