FHN 
Zoom has addressed a set of newly discovered vulnerabilities in its software that could be exploited to gain elevated access or expose sensitive information. These flaws affect Zoom applications on Windows and iOS, with the most critical risks centered around privilege escalation in enterprise environments.
The vulnerabilities allow attackers with basic local access to increase their privileges and operate with administrative-level control. In real-world scenarios, this type of access is often used as a stepping stone for larger attacks, including lateral movement and data exfiltration.
Privilege Escalation Risks in Windows Environments
Two high-severity vulnerabilities, each rated with a CVSS score of 7.8, impact Zoom’s Windows-based components.
The first issue affects Zoom Rooms for Windows and is caused by an untrusted search path vulnerability within the installer. This means the application may load files from unintended locations, allowing attackers to inject malicious code during execution.
The second flaw targets the Zoom Workplace VDI Plugin. It stems from improper control over file names and paths in the installation process. By manipulating these paths, an attacker can execute arbitrary code and escalate privileges.
These vulnerabilities are particularly dangerous because they require minimal effort to exploit once initial access is obtained. Attackers can leverage them to:
- Disable or bypass endpoint security controls
- Access and extract sensitive enterprise data
- Maintain persistence within the environment
- Move laterally across systems inside the network
- Deploy additional payloads such as ransomware
Such privilege escalation flaws are highly valuable in targeted attacks, especially in corporate environments where Zoom is widely used.
iOS Vulnerability and Overall Impact
A separate vulnerability affects Zoom Workplace on iOS devices, though its severity is significantly lower. This issue involves a failure in a protection mechanism that could allow limited data exposure.
However, exploitation requires physical access to the device, which reduces the likelihood of large-scale attacks. Still, it highlights the importance of securing mobile endpoints alongside desktop systems.
The key concern across all these vulnerabilities is the potential for unauthorized access to sensitive data and system resources, particularly in organizations that rely heavily on collaboration tools.
To address these risks, Zoom Video Communications has released security patches for all affected components. Because these flaws are now publicly disclosed, unpatched systems may become targets for active exploitation.
Users and organizations should immediately update:
- Zoom Rooms for Windows to version 7.0.0 or later
- Zoom Workplace VDI Plugin to version 6.6.11 or newer
- Zoom Workplace for iOS to version 7.0.0 or above
Timely patching, combined with proper access controls and endpoint monitoring, is essential to prevent these vulnerabilities from being exploited in real-world attacks.
About the Author
