Hi everyone!
This just came from NORDUnet.
Regards,
Monika Allöv Andersson
System administrator
SUNET Mediateam
---------- Forwarded message ---------
From: Bo Ståhle <bss(a)nordu.net>
Date: Thu, 11 Aug 2022 at 07:40
Subject: A couple of security things for Zoom Client and related software
To: Thorkild Jensen <thorkild.jensen(a)deic.dk>, Monika Allöv Andersson <
monika.allov-andersson(a)sunet.se>, Harald Höckerstedt <
Harald.hockerstedt(a)csc.fi>, Sampsa Kares <sampsa.kares(a)csc.fi>, Magnus
Strømdal <magnus.stromdal(a)sikt.no>, Jardar Leira <jardar.leira(a)sikt.no>, <
salu(a)sunet.se>
Hi All,
Please make sure all clients are upgraded to the latest version (at least
for MacOS and beyond 5.11.0 for Windows)
There is also one for Zoom Rooms for Windows and a couple of On-Premise
server ones.
https://explore.zoom.us/en/trust/security/security-bulletin/
ZSB-22016 08/09/2022 Improper URL parsing in Zoom Clients Critical
CVE-2022-28755
*Severity*: Critical
*CVSS Score*: 9.6
*CVSS Vector String*: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
*Description*: The Zoom Client for Meetings (for Android, iOS, Linux,
macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing
vulnerability. If a malicious Zoom meeting URL is opened, the malicious
link may direct the user to connect to an arbitrary network address,
leading to additional attacks including the potential for remote code
execution through launching executables from arbitrary paths.
Users can help keep themselves secure by applying current updates or
downloading the latest Zoom software with all current security updates from
https://zoom.us/download.
*Affected Products*:
- Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows)
before version 5.11.0
- Zoom VDI Windows Meeting Clients before version 5.10.7
Source: Reported by Zoom Security Team
ZSB-22017 08/09/2022 Local Privilege Escalation in Zoom Client for Meetings
for MacOS High CVE-2022-28751
*Severity*: High
*CVSS Score*: 8.8
*CVSS Vector String*: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
*Description*: The Zoom Client for Meetings for MacOS (Standard and for IT
Admin) before version 5.11.3 contain a vulnerability in the package
signature validation during the update process. A local low-privileged user
could exploit this vulnerability to escalate their privileges to root.
Users can help keep themselves secure by applying current updates or
downloading the latest Zoom software with all current security updates from
https://zoom.us/download.
*Affected Products*:
- Zoom Client for Meetings for MacOS (Standard and for IT Admin) before
version 5.11.3
Source: Reported by Patrick Wardle of Objective-See
Kind regards,
Bo S Ståhle
Media Services Engineer
NORDUnet A/S
Kastruplundgade 22, 1. floor
DK-2770 Kastrup
+4532462500
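
As an added example (not part of the forwarded mail or of Zoom's bulletins), the following script checks a client inventory against the fixed versions quoted in the two bulletins above. The product keys, host names, build numbers and inventory rows are constructed for illustration.

```python
import re

# Fixed-version thresholds copied from the two bulletins quoted in the mail.
# Product keys ("client", "vdi-windows") are labels chosen for this example.
BULLETINS = [
    # (bulletin, CVE, product, platforms, first fixed version)
    ("ZSB-22016", "CVE-2022-28755", "client",
     {"android", "ios", "linux", "macos", "windows"}, (5, 11, 0)),
    ("ZSB-22016", "CVE-2022-28755", "vdi-windows", {"windows"}, (5, 10, 7)),
    ("ZSB-22017", "CVE-2022-28751", "client", {"macos"}, (5, 11, 3)),
]

def parse_version(text):
    """Return (major, minor, patch) from strings such as '5.10.7 (1234)'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    # Integer tuples compare numerically, so 5.9.6 sorts before 5.11.0
    # (a plain string comparison would get this wrong).
    return tuple(int(p) for p in m.groups())

def open_bulletins(product, platform, version_text):
    """List (bulletin, CVE) pairs that still apply to one installation."""
    version = parse_version(version_text)
    return [(b, cve) for b, cve, prod, plats, fixed in BULLETINS
            if prod == product and platform.lower() in plats and version < fixed]

def triage(inventory):
    """Map host -> open bulletins; unparsable versions are flagged, not skipped."""
    report = {}
    for host, product, platform, version_text in inventory:
        try:
            hits = open_bulletins(product, platform, version_text)
        except ValueError:
            hits = [("UNKNOWN-VERSION", version_text)]
        if hits:
            report[host] = hits
    return report

# Constructed inventory rows: (host, product, platform, reported version).
SAMPLE = [
    ("mac-01", "client", "macOS", "5.11.1 (8425)"),
    ("win-07", "client", "Windows", "5.10.9 (7205)"),
    ("vdi-03", "vdi-windows", "Windows", "5.10.7"),
    ("lin-02", "client", "Linux", "5.11.3"),
    ("and-05", "client", "Android", "unknown"),
]

if __name__ == "__main__":
    for host, hits in triage(SAMPLE).items():
        print(host, hits)
```

A macOS client between 5.11.0 and 5.11.2 is reported for ZSB-22017 only, which is why the per-platform thresholds are kept as separate rows.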