On October 24th, Zoom (Zoom Video Communications) announced that all versions prior to 5.12.2 are susceptible to a URL parsing vulnerability. This vulnerability allows an attacker to use custom Zoom meeting URLs to redirect Zoom users to a site of the attacker's choosing.
Affected Products
- Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2
- Zoom VDI Windows Meeting Clients before version 5.12.2
- Zoom Rooms for Conference Room (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2
Recommendations
Update to the latest Zoom version [5.12.3] for the respective platform(s).
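One way to check a software inventory against the fixed version named above (an added example, not part of Zoom's advisory). The inventory layout, host names and build numbers are constructed, and the version-string shapes it parses are an assumption.

```python
import re

# Fixed release named in the advisory: anything before this is affected.
FIXED = (5, 12, 2)

# Product names as listed under "Affected Products" in the advisory.
AFFECTED_PRODUCTS = {
    "Zoom Client for Meetings",
    "Zoom VDI Windows Meeting Clients",
    "Zoom Rooms for Conference Room",
}

def parse_version(text):
    """Return (major, minor, patch) from strings such as '5.12.2 (9281)' or
    '5.12.0.1111' (assumed shapes); None if no three-part version is found."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(product, version_text):
    """Return 'not-listed', 'unknown', 'affected' or 'fixed'."""
    if product not in AFFECTED_PRODUCTS:
        return "not-listed"
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # unparseable: review by hand, do not assume safe
    # Tuple comparison is numeric per component, so 5.9.6 < 5.12.2.
    # A plain string comparison would rank "5.9.6" above "5.12.2".
    return "affected" if version < FIXED else "fixed"

def audit(inventory):
    """Return the rows needing action: affected or unknown versions."""
    findings = []
    for host, product, version_text in inventory:
        status = classify(product, version_text)
        if status in ("affected", "unknown"):
            findings.append((host, product, version_text, status))
    return findings

# Constructed sample inventory (hosts and build numbers are made up).
SAMPLE_INVENTORY = [
    ("host-a", "Zoom Client for Meetings", "5.9.6 (4993)"),
    ("host-b", "Zoom Client for Meetings", "5.12.2 (9281)"),
    ("host-c", "Zoom Rooms for Conference Room", "5.12.0.1111"),
    ("host-d", "Zoom VDI Windows Meeting Clients", "unknown"),
    ("host-e", "Zoom Client for Meetings", "5.12.3 (9638)"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print(row)
```

Rows reported as `unknown` are kept in the findings so that an unreadable version string is never treated as patched.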
For more information: