Upgrading a vulnerable installation to a newer version of the Zoom client before the discovery of the issue would result in a less secure installation of the Zoom client. As soon as the new version of the Zoom client is installed, it is also signed with the weaker key. End users who upgrade their vulnerable installations of Zoom to a less secure version before the discovery of the issue could be exploited. Upgrading a vulnerable installation to a newer version of the Zoom Room for Conference Room before the discovery of the issue would result in a less secure installation of the Zoom Room for Conference Room. As soon as the new version of the Zoom Room for Conference Room is installed, it is also signed with the weaker key. End users who upgrade their vulnerable installations of Zoom Rooms for Conference Room to a less secure version before the discovery of the issue could be exploited.

How to stay protected:

Upgrading a vulnerable installation to a newer version of the Zoom client before the discovery of the issue would result in a less secure installation of the Zoom client. As soon as the new version of the Zoom client is installed, it is also signed with the weaker key.
End users who upgrade their vulnerable installations of Zoom to a less secure version before the discovery of the issue could be exploited.
Upgrading a vulnerable installation to a newer version of the Zoom Room for Conference Room before the discovery of the issue would result in a less secure installation of the Zoom Room for Conference Room. As soon as the new version of the Zoom Room for Conference Room is installed, it is also signed with the weaker key.
End users who upgrade their vulnerable installations of Zoom Rooms for Conference Room to a less secure version before this discovery could be exploited.

CVE-2021-22787


Zoom Vulnerable Versions and Supported Revisions

The Zoom team has identified that a version of the Zoom client could be vulnerable to this attack. This vulnerability affects all versions of the Zoom client from v4.0.0 to v6.1.0 and is not limited to specific devices or operating systems.

Timeline

Published on: 05/18/2022 16:15:00 UTC
Last modified on: 05/27/2022 15:29:00 UTC

References