This issue was addressed in version 5.9.7, which now includes a checking mechanism that prevents the installer from repairing if the machine on which it is run has been tampered with. In addition, the aforementioned versions of Zoom Products released prior to version 5.9.7 were also impacted by a potential remote attack vector. Hackers could have used this to install a malicious application onto the system of unsuspecting end users.

Zoom Product Installation Vulnerability

Zoom Remote Desktop Services (RDS) is an app used for remote control of a PC. The software allows users to connect and use their own PC at home or work. The product is typically installed on a machine that already has another RDS app installed, such as the Zoom Telepresence app.
VPN-2022-22782
This vulnerability was addressed in version 5.9.7, which now includes a checking mechanism that prevents the installer from repairing if the machine on which it is run has been tampered with. In addition, the aforementioned versions of Zoom Products released prior to version 5.9.7 were also impacted by a potential remote attack vector. Hackers could have used this to install a malicious application onto the system of unsuspecting end users.

What to do if you are affected?

If you have a version of Zoom Products prior to 5.9.7 and your machine is running, it is recommended that you update the software immediately. This can be done by following the instructions below:
- Click on Settings
- Select Check for Updates
- If an update is available, click on Download now

Timeline

Published on: 04/28/2022 15:15:00 UTC
Last modified on: 05/09/2022 18:30:00 UTC

References