Security: CVE-2018-15715-Zoom app

 

 

 

Overview

Zoom’s vulnerability “CVE-2018-15715” was discovered in October 2018.
As a result of this vulnerability, a remote attacker or attacker may use as follows:

  1. Control the participant’s keyboard and mouse

 

If the participant is sharing the screen, bypass the screen control permission while the unauthorized attendee is sharing the screen,

You can control the participant’s keyboard and mouse, and control the victim’s desktop.

  2. Send a chat message

 

I spoof a person who is present at a meeting and send a chat message.

  3. Leave attendees from the meeting room.

 

An attendee other than the host leaves the other attendees.

You can control other microphone mutes.

Until now, there has been no report of the actual damage caused by exploiting this vulnerability.

 

Measures

Immediately after this vulnerability has been discovered, Zoom, Inc. Windows, Mac, iOS, the Android
is now embarked on the development of the modification programs available so we modified version of the following is released
we recommend the implementation of the update You

  • What is the current version?
  • Version upgrade procedure

Zoom takes the security of our customers and the Zoom platform very seriously and has taken
additional steps to keep it from being affected by similar vulnerabilities.

 

Modified version:

Zoom Client:
Windows: 4.1.34460.1105 or later
Mac: 4.1.34475.1105 or later
Linux: 2.5. 146186.1130 or later
IOS: 4.1.18 (4460.1105) or later
Android: 4.1.34489.105 or later
Chrome: 3.3.1635.1130 or later

Zoom Rooms:
Windows: 4.1.6 (35121.1201) or later
Mac: 4.1.7 (35123.1201) or later
Chrome: 3.6.2895.1130 or later

Zoom SDK:
Windows: 4.1.30384.1029 or later
Mac: 4.1.3418.1026 or later
IOS: 4.1.40376.1024 or later
Android: 4.1.34082.1024 or later

Zoom Cloud:
/>Meeting room connector: Completed product 12/6/2018 or later
Skype for the Business connector: Completed product 12/2/2018 or later

On-premises product:
Virtual room connector: 4.1.4813.1201 or later
Conference connector: 4.3.135059.1129 or later
Recording connector: 3.6.58865.1130 or later

 

Leave a Comment