The impact of this issue is rated medium. Please take the action stated below to rectify it.
Products affected:
Zoom
What you need to know:
Researchers from Cisco Talos disclosed two critical flaws in the Zoom software that could have allowed attackers to compromise users' systems via chat.
Actions to be taken:
Update the Zoom application to the latest version (version 4.6.12).
What is the impact of not doing the actions?
“This allows a potential attacker without user interaction to plant arbitrary binaries on target’s computer via automatically extracted zip files. Additionally, a partial path traversal issue allows the specially crafted zip file to write files outside the intended randomly generated directory.”