Home/News/Zoom Warns of Critical Account Takeover Vulnerability
BleepingComputer2 min read

By Interestana AI Editorial — AI-drafted, human-overseen. How we report

Zoom Warns of Critical Account Takeover Vulnerability

Zoom issued a security advisory this week detailing a critical vulnerability affecting its desktop client and software development kit (SDK) for Windows. This flaw, identified as CVE-2024-28982, could enable an unauthenticated attacker to gain unauthorized access to user accounts. The vulnerability specifically targets the desktop client versions 5.17.0 through 5.17.11 and the SDK versions 5.17.0 through 5.17.11.

According to Zoom's advisory, the vulnerability stems from improper access control within the client. An attacker could exploit this by tricking a user into opening a malicious executable, which would then allow the attacker to hijack the user's Zoom session. This means an attacker could potentially impersonate the user, access their contacts, and view or participate in their meetings without proper authentication. Zoom has stated that it is not aware of any public or private exploitation of this vulnerability at this time.

Zoom has released updated versions of its desktop client and SDK to address this critical issue. Users are strongly advised to update their Zoom desktop client to version 5.17.12 or later, and developers using the SDK should update to version 5.17.12 or later. The company has provided specific instructions and links for downloading the patched versions on its security center page. This proactive warning and rapid patching demonstrate Zoom's commitment to user security in the face of evolving cyber threats.

Original source — read the full reporting at the publisher:

Read on BleepingComputer

Get the weekly AI digest

AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.

Read next