Google Project Zero researchers have found critical vulnerabilities in Zoom’s client and server. These vulnerabilities enable malicious actors to compromise users over Zoom chat over the XMPP protocol, according to the bug report by Ivan Fratric, a Google Project Zero researcher. Also noteworthy is the fact that it can be done without arousing victims’ suspicions because no input from the victims is required.
According to CVE Details, the CVE-2022-22786 vulnerability only affects Zoom clients running on Windows, while the other three (CVE-2022-22784, CVE-2022-22785, and CVE-2022-22787) impact Android, iOS, Linux, macOS, and Windows.
To patch the vulnerabilities, users are advised to update their Zoom clients to version 5.10.0. You can configure your Zoom client to automatically update to the latest version in the settings menu.
To make detecting and removing vulnerabilities as easy as possible, it’s worth trying the Vulnerability Scan feature in Cleaner One Pro. It scans your computer to detect vulnerabilities and suggest remedial actions.
As this is a brand-new feature, if you already have Cleaner One Pro installed, please ensure it is updated to the latest version. For those who haven’t downloaded Cleaner One Pro yet, you can get it for free here: Cleaner One Pro for Mac, Cleaner One Pro for Windows.
Cleaner One Pro is an all-in-one disk cleaner that declutters your computer and protects it against attacks and vulnerabilities.
If you’ve found this article useful, please SHARE it with your family and friends.