In October 2018, Zoom was notified by a security research firm of a security vulnerability discovered in our platform. In theory, this vulnerability could have enabled an attacker who has significant knowledge about an active Zoom meeting to control certain aspects of that session, including features such as ejecting meeting participants, sending spoofed chat messages, and controlling participant microphone muting. If the attacker was also a valid participant in the meeting and another participant was sharing their desktop screen, the attacker could have taken control of that participant’s keyboard and mouse. Zoom is not aware of any actual breach of customer information caused by exploitation of this vulnerability.
Immediately after learning of this vulnerability, Zoom began to work on a fix, which was available for Windows, Mac, iOS, and Android in early November. The fix was released for the Zoom SDK in late October 2018 and a fix for the Zoom Linux client was released in late November. Zoom recommends all customers update the Zoom client. Please refer to the patch details in the table below. A fix for the Zoom Rooms clients and the Zoom on-premise products (Meeting Connector and Virtual Room Connector) was released in early December.
We take the security of our customers and the Zoom platform very seriously and are taking additional measures to ensure similar vulnerabilities are not introduced to our platform in the future.
iOS: 4.1.18 (4460.1105)
Windows: 4.1.6 (35121.1201)
Mac: 4.1.7 (35123.1201)
Conference Room Connector: Completed 12/6/2018
Skype for Business Connector: Completed 12/1/2018
Zoom On-Premise Products:
Virtual Room Connector: 4.1.4813.1201
Meeting Connector: 4.3.135059.1129
Recording Connector: 3.6.58865.1130