Security: Logjam Updates

Overview

The Logjam vulnerability allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using Diffie-Hellman key exchange to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the TLS connection for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

What versions of OpenSSL are affected?

Status of OpenSSL versions:

  • OpenSSL 1.0.2 and 1.0.2a are vulnerable. 
  • OpenSSL 1.0.1 through 1.0.1m are vulnerable.

This vulnerability was discovered on the 20th of May 2015. OpenSSL 1.0.2b, released on the 11th of June 2015, fixes this vulnerability by rejecting handshakes with Diffie-Hellman parameters shorter than 768 bits.
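
The check described above, as an added example (not Zoom's or OpenSSL's code): a client-side parser that reads the prime from a DHE ServerKeyExchange handshake message and refuses groups under 768 bits. The function names are hypothetical and the sample messages are constructed for illustration; their primes have the stated size but are not real primes.

```python
import struct

MIN_DH_BITS = 768  # floor the page attributes to OpenSSL 1.0.2b

class HandshakeRejected(Exception):
    """Raised when the server's DH parameters are malformed or too small."""

def _read_vec16(buf, off):
    """Read a TLS opaque<1..2^16-1> vector; return (bytes, next offset)."""
    if off + 2 > len(buf):
        raise HandshakeRejected("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise HandshakeRejected("bad vector length")
    return buf[off:off + n], off + n

def dh_prime_bits(handshake_msg):
    """Return the bit length of dh_p in a DHE ServerKeyExchange message."""
    if len(handshake_msg) < 4 or handshake_msg[0] != 12:  # 12 = server_key_exchange
        raise HandshakeRejected("not a ServerKeyExchange")
    body_len = int.from_bytes(handshake_msg[1:4], "big")
    body = handshake_msg[4:4 + body_len]
    if len(body) != body_len:
        raise HandshakeRejected("truncated body")
    p, off = _read_vec16(body, 0)        # dh_p: the prime modulus
    _g, off = _read_vec16(body, off)     # dh_g: the generator
    _ys, off = _read_vec16(body, off)    # dh_Ys: the server's public value
    return int.from_bytes(p, "big").bit_length()

def accept_server_dh(handshake_msg, min_bits=MIN_DH_BITS):
    """Client-side check: refuse the handshake if the group is too small."""
    bits = dh_prime_bits(handshake_msg)
    if bits < min_bits:
        raise HandshakeRejected(f"DH prime is {bits} bits, minimum is {min_bits}")
    return bits

def build_sample_ske(bits):
    """Constructed test message: dh_p has the requested size, not a real prime."""
    p = ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    params = (p, b"\x02", b"\x01" * len(p))
    body = b"".join(struct.pack("!H", len(v)) + v for v in params)
    body += b"\x00" * 4  # placeholder for the signature that follows the params
    return b"\x0c" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    for size in (512, 768, 1024):
        bits = dh_prime_bits(build_sample_ske(size))
        print(bits, "accepted" if bits >= MIN_DH_BITS else "rejected")
```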

How does this affect Zoom clients/apps?

  • Zoom clients use OpenSSL 1.0.0 and are NOT vulnerable.

How does this affect the Zoom cloud (zoom.us)?

  • Zoom application servers that run on the Zoom cloud use OpenSSL 1.0.0 and are NOT vulnerable.

How does this affect my password?

We have found no reason to believe that any user data or credentials were compromised.