Zoom Apps for macOS - Symbolic Link Following

  • Bulletin: ZSB-24040
  • CVE: CVE-2024-45418
  • Severity: Medium
  • CVSS score: 5.4
  • CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

  • Zoom Workplace App for macOS before version 6.1.5
  • Zoom Meeting SDK for macOS before version 6.1.5
  • Zoom Video SDK for macOS before version 6.1.5
  • Zoom Rooms App for macOS before version 6.1.5
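
To check installed app bundles against the fixed version listed above, the following added example (not part of the Zoom bulletin and not Zoom code) reads each bundle's `Info.plist` and compares it with 6.1.5. It assumes the bundle's `CFBundleShortVersionString` carries the app version, possibly followed by a build number, and that the bundle paths are supplied by the caller.

```python
import plistlib
import re
import sys
from pathlib import Path
from xml.parsers.expat import ExpatError

FIXED = (6, 1, 5)  # first fixed version named in the bulletin


def parse_version(text):
    """Return the leading dotted numbers as a tuple: '6.1.5 (38872)' -> (6, 1, 5)."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text or "")
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(version_text, fixed=FIXED):
    """True if the version is older than the fixed release."""
    v = parse_version(version_text)[:len(fixed)]   # ignore a trailing build number
    v = v + (0,) * (len(fixed) - len(v))           # '6.1' compares as 6.1.0
    return v < fixed                                # numeric, so 6.1.10 > 6.1.5


def bundle_version(app_path):
    """Read the version string from <bundle>/Contents/Info.plist (assumed key)."""
    with open(Path(app_path) / "Contents" / "Info.plist", "rb") as fh:
        return plistlib.load(fh)["CFBundleShortVersionString"]


def audit(app_paths):
    """Map each bundle path to 'affected', 'fixed' or 'unknown'."""
    results = {}
    for path in app_paths:
        try:
            affected = is_affected(bundle_version(path))
            results[str(path)] = "affected" if affected else "fixed"
        except (OSError, KeyError, TypeError, ValueError, ExpatError):
            # Missing bundle, unreadable plist or unexpected version format.
            results[str(path)] = "unknown"
    return results


if __name__ == "__main__":
    # Usage: python3 check_zoom.py /path/to/App1.app /path/to/App2.app
    for path, status in audit(sys.argv[1:]).items():
        print(f"{status:8} {path}")
```

Bundles reported as `unknown` need a manual check, since a missing or unparseable version is not evidence of a patched install.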

Reported by an anonymous researcher.

Revision  Date        Description
1.0       11/12/2024  Initial publication.