
[CIVN-2026-0311] Multiple Vulnerabilities in Zoom Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Zoom Workplace for Android before version 7.0.4
Zoom Workplace for iOS before version 7.0.3
Zoom Meeting SDK for Android before version 7.0.4
Zoom Meeting SDK for iOS before version 7.0.3
Remote Control for Zoom Contact Center for Windows before version 7.0.0
Overview
Multiple vulnerabilities have been reported in Zoom products which could be exploited by an attacker to gain elevated privileges or perform unauthorized actions on the targeted system.
Target Audience:
All organizations and individuals using affected versions of Zoom products.
Risk Assessment:
High risk of privilege escalation, unauthorized access and compromise of affected systems.
Impact Assessment:
Potential for unauthorized access, elevated privileges and compromise of sensitive information on affected systems.
Description
Zoom provides video conferencing, collaboration, communication and contact center solutions for enterprise and individual users.
Multiple vulnerabilities have been reported in Zoom products due to improper authorization in the handler for a custom URL scheme in Zoom Workplace and Zoom Meeting SDK for Android and iOS, and insufficient verification of data authenticity in Remote Control for Zoom Contact Center for Windows. An attacker could exploit these vulnerabilities through network or local access to the affected system.
Successful exploitation of these vulnerabilities could allow an attacker to gain elevated privileges or perform unauthorized actions on the targeted system.
Solution
Apply appropriate updates as mentioned by the vendor:
https://www.zoom.com/en/trust/security-bulletin/zsb-26009/
https://www.zoom.com/en/trust/security-bulletin/zsb-26010/
Vendor Information
Zoom Products
https://www.zoom.com/en/trust/security-bulletin/
References
https://www.zoom.com/en/trust/security-bulletin/zsb-26009/
https://www.zoom.com/en/trust/security-bulletin/zsb-26010/
CVE Name
CVE-2026-53406
CVE-2026-53407
CVE-2026-53408
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


