Note: As our world comes together to slow the spread of COVID-19 pandemic, the Zoom Support Center has continued to operate 24x7 globally to support you. Please see the updated Support Guidelines during these unprecedented times.

Note: We have identified an issue causing a subset of users to experience issues displaying live meeting information in Dashboard and Reports, accessing Webinar Registration links and delays in accessing cloud recording links. Please see our Status Page for more information.

Security: Heartbleed Updates Follow


The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

What versions of the OpenSSL are affected?

Status of different versions:

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

How does this affect the Zoom clients/apps? 

  • Zoom clients use OpenSSL 1.0.0 and are NOT vulnerable

How does this affect the Zoom cloud ( 

  • Zoom application servers that run on the Zoom cloud use OpenSSL 1.0.0 and are NOT vulnerable
  • We regenerated the private key and new certificate for * was deployed on AWS ELB
  • We also re-keyed the API key and pass for all 3rd party service integration

How does this affect my password? 

We have found no reason to believe that any user data or credentials were compromised.