Zoom announced patches for seven vulnerabilities in its desktop and mobile applications, including a critical-severity bug in Windows software. The critical issue (CVE-2024-24691) could allow an attacker with network access to escalate privileges. Zoom also addressed a high-severity privilege escalation flaw (CVE-2024-24697) impacting Windows applications, which can be exploited locally. Additionally, two medium-severity vulnerabilities leading to information leaks were resolved in the Windows applications. Zoom also warned of three medium-severity vulnerabilities in its desktop and mobile clients that could lead to denial-of-service attacks or information leakage. Users across Windows, macOS, Linux, Android, and iOS are advised to update their applications to the latest versions to mitigate these vulnerabilities.

Read more: https://www.securityweek.com/zoom-patches-critical-vulnerability-in-windows-applications/