Vulnerabilities for Client (...) - CXSECURITY.COM

Vulnerabilities for 'Client'

2020-04-01

CVE-2020-11470

CWE-862

Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Zoom Client's microphone and camera access.

CVE-2020-11469

CWE-269

Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot.

2019-07-12

CVE-2019-13567

CWE-20

The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zoom Client is not installed or can't be opened, an attacker can remotely execute code with a maliciously crafted launch URL. NOTE: ZoomOpener is removed by the Apple Malware Removal Tool (MRT) if this tool is enabled and has the 2019-07-10 MRTConfigData.

>>> Vendor: ZOOM 29 Products

Model 5560 x3 ethernet adsl modem

Zoom cloud meetings

Sharing service

Zoom client for meetings

Zoom on-premise meeting connector controller

Zoom on-premise meeting connector mmr

Zoom on-premise recording connector

Zoom on-premise virtual room connector

Zoom on-premise virtual room connector load balancer

Meetings for chrome os

Virtual desktop infrastructure

Android meeting sdk

Iphone os meeting sdk

Macos meeting sdk

Windows meeting sdk

Android video sdk

Iphone os video sdk

Macos video sdk

Windows video sdk

Vdi azure virtual desktop

Vdi windows meeting client

Copyright 2024, cxsecurity.com