Tech

Zoom patches critical security flaw which could have let hackers hijack accounts

Published

on


  • Zoom patches critical improper input validation flaw in multiple Windows clients and SDKs that allowed remote account takeover
  • Additional high‑severity bugs fixed include CVE‑2026‑53410 (TOCTOU race condition), CVE‑2026‑53409 (privilege management flaw), and CVE‑2026‑53411 (input validation issue)
  • All vulnerabilities were found internally, with no evidence of exploitation; users are urged to update Zoom Workplace and related products to the latest versions

Zoom has patched a critical-level vulnerability in multiple products that allowed threat actors to take over people’s accounts remotely.

In a security advisory, Zoom said it fixed an Improper Input Validation bug plaguing Zoom Desktop Client for Windows (before version 7.0.0), Zoom VDI Client for Windows (before versions 7.0.10, 6.6.15, and 6.5.18), and Zoom Meeting SDK for Windows (before version 7.0.0). It did not go into more details on how the flaw works.

The bug is now tracked as CVE-2026-53412, and was given a severity score of 9.8/10 (critical). To fix it, users are advised to update their software to the newest version.

Latest Videos From

More vulnerabilities

While certainly the most dangerous one, this is not the only bug Zoom recently addressed. The company also fixed a handful of less severe vulnerabilities, including a time-of-check to time-of-use (TOCTOU) race condition bug affecting Zoom Workplace for Windows before 7.0.5, Zoom Workplace VDI Client and VDI Plugin before 6.5.17/6.6.14, Zoom Rooms for Windows before 7.0.5, and Remote Control for Zoom Contact Center before 7.0.0. This bug is tracked as CVE-2026-53410 and was given a “high” severity score of 7/10.

Advertisement

Other notable mentions include CVE-2026-53409 (a high-severity improper privilege management flaw in Zoom Rooms for Windows before version 7.1.0), and

CVE-2026-53411 (a high-severity improper input validation flaw affecting the Zoom Workplace VDI Plugin for Windows before version 6.6.14).

Zoom found all of these vulnerabilities in-house and says there is no evidence that any of these were abused in real-life attacks in the past.

Advertisement

Zoom Workplace (the company’s all-in-one collaboration platform) offers video meetings, team chat, phone, email, calendar, scheduling, whiteboards, and other productivity tools. It is an evolution of the original Zoom Meetings app which now competes with platforms such as Microsoft 365 and Google Workspace.

Via BleepingComputer


The best antivirus for all budgets


Advertisement

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.


Source link

Advertisement

You must be logged in to post a comment Login

Leave a Reply

Cancel reply

Trending

Exit mobile version