RSS   Vulnerabilities for 'Client'   RSS

2020-04-01
 
CVE-2020-11470

CWE-862
 

 
Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Zoom Client's microphone and camera access.

 
 
CVE-2020-11469

CWE-269
 

 
Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot.

 
2019-07-12
 
CVE-2019-13567

CWE-20
 

 
The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zoom Client is not installed or can't be opened, an attacker can remotely execute code with a maliciously crafted launch URL. NOTE: ZoomOpener is removed by the Apple Malware Removal Tool (MRT) if this tool is enabled and has the 2019-07-10 MRTConfigData.

 

 >>> Vendor: ZOOM 29 Products
Model 5560 x3 ethernet adsl modem
Zoom cloud meetings
ZOOM
Client
Meetings
Sharing service
Call recording
Zoom client for meetings
Zoom on-premise meeting connector controller
Zoom on-premise meeting connector mmr
Zoom on-premise recording connector
Zoom on-premise virtual room connector
Zoom on-premise virtual room connector load balancer
Meetings for chrome os
Virtual desktop infrastructure
Android meeting sdk
Iphone os meeting sdk
Macos meeting sdk
Windows meeting sdk
Android video sdk
Iphone os video sdk
Macos video sdk
Windows video sdk
Hybrid mmr
Hybrid zproxy
Vdi azure virtual desktop
Vdi citrix
Vdi vmware
Vdi windows meeting client


Copyright 2022, cxsecurity.com

 

Back to Top