Zoom patched seven vulnerabilities across Windows, iOS, and Android, including one critical flaw (CVE-2024-24691)

Home/Android malware, BOTNET, Exploitation, Internet Security, Malware, Mobile Security, Security Advisory, Security Update, vulnerability, windows/Zoom patched seven vulnerabilities across Windows, iOS, and Android, including one critical flaw (CVE-2024-24691)

Zoom patched seven vulnerabilities across Windows, iOS, and Android, including one critical flaw (CVE-2024-24691)

Zoom, the well-known video conferencing platform, recently patched 7 security vulnerabilities in a recent update. These vulnerabilities range in severity from medium to critical, and they affect a variety of systems: Windows, iOS, and Android. The critical vulnerability (CVE-2024-24691) addressed in this update could potentially allow attackers to execute arbitrary code on vulnerable systems, highlighting the importance of promptly applying security patches.

Zoom Vulnerability – CVE-2024-24691

The most serious vulnerability addressed in the update is identified as CVE-2024-24691, with a critical CVSS score of 9.6. This vulnerability stems from improper input validation and, according to Zoom, could allow an unauthenticated threat actor to escalate privileges via network access.


The critical vulnerability affects the following Zoom products and versions:

  • Zoom Desktop Client for Windows versions prior to 5.16.5
  • Zoom VDI Client for Windows versions prior to 5.16.10 (excluding 5.14.14 and 5.15.12)
  • Zoom Meeting SDK for Windows versions prior to 5.16.5
  • Zoom Rooms Client for Windows versions prior to 5.17.0


The other recent vulnerabilities addressed by Zoom are all of medium severity and are identified as follows:

  • CVE-2024-24697 (CVSS: 7.2) – Untrusted Search Path Vulnerability
  • CVE-2024-24695 (CVSS: 6.8) – Improper Input Validation Vulnerability
  • CVE-2024-24696 (CVSS: 6.8) – Improper Input Validation Vulnerability
  • CVE-2024-24699 (CVSS: 6.5) – Business Logic Error
  • CVE-2024-24690 (CVSS: 5.4) – Improper Input Validation Vulnerability
  • CVE-2024-24698 (CVSS: 4.9) – Improper Authentication Vulnerability

The most severe of these medium-severity vulnerabilities, CVE-2024-24697, involves an untrusted search path in certain Zoom 32-bit Windows clients. Zoom states that the vulnerability can allow an authenticated user to escalate privileges via local access.

Upon successfully exploiting these vulnerabilities, attackers may disrupt meetings and steal sensitive information. Given the widespread use of the video conferencing platform by individuals and organizations worldwide, the effects of these vulnerabilities could spread rapidly if attackers target them.

Apply Zoom Updates to Prevent Exploitation

It’s crucial to implement the latest Zoom updates to prevent the exploitation of critical vulnerabilities like CVE-2024-24691, along with others. You can check for updates directly within the Zoom client or by visiting the Zoom Download Center.

‍Follow Us on: Twitter, InstagramFacebook to get the latest security news!

Post Views: 190
By | 2024-02-15T20:44:56+05:30 February 15th, 2024|Android malware, BOTNET, Exploitation, Internet Security, Malware, Mobile Security, Security Advisory, Security Update, vulnerability, windows|

About the Author:

FirstHackersNews- Identifies Security

Related Posts

Leave A Comment

Subscribe to our newsletter to receive security tips everday!