For a detailed advisory, download the pdf file here.
Two Critical vulnerabilities have been found in Zoom products. These vulnerabilities were discovered by
Natalie Silvanovich, a researcher from Google Project Zero.
The first vulnerability, CVE-2021-34423 is a high severity and a buffer overflow vulnerability. This could
allow an attacker to crash the service or application or exploit the vulnerability by executing an arbitrary code.
The second vulnerability, CVE-2021-34424 is a medium severity and a memory corruption vulnerability.
This flaw could be used to get access to arbitrary parts of the productβs memory.
Both these vulnerabilities can be fixed by updating Zoom products to their latest versions.
<https://explore.zoom.us/en/trust/security/security bulletin/>
<https://securityaffairs.co/wordpress/125122/security/video conferencing software zoom flaws.html>