Security: CVE-2018-15715

In October 2018, Zoom was notified by a security research firm of a security vulnerability discovered in our platform. In theory, this vulnerability could have enabled an attacker with significant knowledge about an active Zoom meeting to control certain aspects of that session, including ejecting meeting participants, sending spoofed chat messages, and controlling participant microphone muting. If the attacker was also a valid participant in the meeting and another participant was sharing their desktop screen, the attacker could have taken control of that participant’s keyboard and mouse. Zoom is not aware of any actual breach of customer information caused by exploitation of this vulnerability.

Immediately after learning of this vulnerability, Zoom began to work on a fix, which was available for Windows, Mac, iOS, and Android in early November. The fix was released for the Zoom SDK in late October 2018, and a fix for the Zoom Linux client was released in late November. A fix for the Zoom Rooms clients and the Zoom on-premise products (Meeting Connector and Virtual Room Connector) was released in early December. Zoom recommends all customers update the Zoom client. Please refer to the patch details listed below.

We take the security of our customers and the Zoom platform very seriously and are taking additional measures to ensure similar vulnerabilities are not introduced to our platform in the future.

 

Fix Versions:

Zoom Client:
Windows: 4.1.34460.1105
Mac: 4.1.34475.1105
Linux: 2.5.146186.1130
iOS: 4.1.18 (4460.1105)
Android: 4.1.34489.1105
Chrome: 3.3.1635.1130 

Zoom Rooms:
Windows: 4.1.6 (35121.1201)
Mac: 4.1.7 (35123.1201)
Chrome: 3.6.2895.1130

Zoom SDK:
Windows: 4.1.30384.1029
Mac: 4.1.34180.1026
iOS: 4.1.34076.1024
Android: 4.1.34082.1024

Zoom Cloud:
Conference Room Connector: Completed 12/6/2018
Skype for Business Connector: Completed 12/1/2018

Zoom On-Premise Products:
Virtual Room Connector: 4.1.4813.1201
Meeting Connector: 4.3.135059.1129
Recording Connector: 3.6.58865.1130
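
To act on the update recommendation across a fleet, the following added example (not Zoom's code) checks reported client versions against the "Zoom Client" fix versions listed above. It assumes inventory rows of (host, platform, version), that versions order component by component as integers, and that each platform reports its version in the same format the advisory uses; anything else is reported as unknown instead of being guessed.

```python
import re

# Fix versions copied from the advisory's "Zoom Client" list.
FIXED_CLIENT = {
    "windows": "4.1.34460.1105",
    "mac": "4.1.34475.1105",
    "linux": "2.5.146186.1130",
    "ios": "4.1.18 (4460.1105)",
    "android": "4.1.34489.1105",
    "chrome": "3.3.1635.1130",
}
VERSION_RE = re.compile(r"\s*(\d+(?:\.\d+)*)\s*(?:\((\d+(?:\.\d+)*)\))?\s*")

def parse_version(text):
    """Parse '4.1.34460.1105' or '4.1.18 (4460.1105)' into a tuple of ints."""
    m = VERSION_RE.fullmatch(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    fields = m.group(1).split(".") + (m.group(2) or "").split(".")
    return tuple(int(f) for f in fields if f)

def classify(platform, version):
    """Return 'patched', 'vulnerable' or 'unknown' for one client install."""
    fixed = FIXED_CLIENT.get(platform.strip().lower())
    if fixed is None:
        return "unknown"          # platform not in the advisory's client list
    try:
        have, need = parse_version(version), parse_version(fixed)
    except ValueError:
        return "unknown"          # unparseable inventory value
    if len(have) != len(need):
        return "unknown"          # different format: do not guess an ordering
    return "patched" if have >= need else "vulnerable"

# Constructed inventory rows (host, platform, reported version); not real data.
SAMPLE_INVENTORY = [
    ("host-a", "Windows", "4.1.30000.1001"),
    ("host-b", "Mac", "4.1.34475.1105"),
    ("host-d", "iOS", "4.1.18 (4460.1105)"),
    ("host-e", "Android", "4.1"),
    ("host-f", "Windows", "4.3.40000.0120"),
]

def audit(inventory):
    """Map each host to its status so unpatched clients can be followed up."""
    return {host: classify(plat, ver) for host, plat, ver in inventory}

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```

Hosts reported as unknown need a manual check; the Zoom Rooms, SDK and on-premise lists above can be audited the same way with their own fix-version tables.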

 
