Zoom Video Conferencing App Vulnerability Allows Hackers to Take Over Your Computer

CVE: CVE-2024-24691
CVSS (v3.1): 9.6
Source: CVE-2024-24691

The popular video conferencing tool Zoom was found to have a vulnerability that could allow hackers to gain control of users’ computers without authentication.

The vulnerability, tracked as CVE-2024-24691, has a CVSS score of 9.6 out of 10, meaning it is highly critical. It is caused by improper input validation in the Zoom desktop client for Windows. This allows malicious actors on the same network as the target user to conduct privilege escalation attacks.

In simple terms, hackers could exploit this vulnerability to take over users’ computers that have the Zoom app installed, even without the need for login credentials. They just need to be on the same network as the target system, such as a local WiFi network at home or in an office.

Once they gain control, attackers can do serious damage like installing malware, stealing sensitive files and passwords, using the system to launch other attacks, and more. This puts users’ privacy, finances and entire digital lives at risk.

The best way to protect yourself is to make sure your Zoom desktop app and Zoom Meeting SDK for Windows are updated to the latest versions, which have likely addressed this vulnerability already. You should also use a firewall and antivirus software to block unauthorized network access. Avoid using public WiFi networks for important tasks if possible until Zoom fixes all issues.
