PT-2021-20516 · Zoom · Zoom Client For Meetings+2

Published: 2021-09-27 · Updated: 2022-10-06 · CVE-2021-34409

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Zoom Client for Meetings for macOS versions prior to 5.2.0; Zoom Client Plugin for Sharing iPhone/iPad versions prior to 5.2.0; Zoom Rooms for Conference versions prior to 5.1.0.
Description: A flaw was discovered in the installation packages of certain Zoom products, where pre- and post-installation shell scripts are copied to a user-writable directory. This could allow a malicious actor with local access to a user's machine to run arbitrary system commands in a higher-privileged context during the installation process, leading to privilege escalation to root.
Recommendations: For Zoom Client for Meetings for macOS versions prior to 5.2.0, update to version 5.2.0 or later to resolve the issue. For Zoom Client Plugin for Sharing iPhone/iPad versions prior to 5.2.0, update to version 5.2.0 or later to resolve the issue. For Zoom Rooms for Conference versions prior to 5.1.0, update to version 5.1.0 or later to resolve the issue.
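
An added example, not code from Zoom or from this advisory: a Python check for the condition the description names, a directory of installer scripts that a non-root user can modify before the scripts run as root. The directory path is supplied by the caller, and `audit_script_dir`, `writable_by_untrusted` and the `trusted_uids` parameter are hypothetical names chosen for this sketch.

```python
import os
import stat


def writable_by_untrusted(st, trusted_uids):
    """Return the reasons an lstat() result lets an untrusted user modify the file."""
    reasons = []
    if st.st_uid not in trusted_uids:
        reasons.append(f"owned by uid {st.st_uid}")
    if st.st_mode & stat.S_IWGRP:
        reasons.append("group-writable")
    if st.st_mode & stat.S_IWOTH:
        reasons.append("world-writable")
    return reasons


def audit_script_dir(script_dir, trusted_uids=frozenset({0})):
    """Audit a directory holding scripts that an installer will run as root.

    Returns a list of (path, reason) findings; an empty list means none.
    trusted_uids is an assumption of this sketch: the owners allowed to
    write there (root only by default).
    """
    findings = []
    st = os.lstat(script_dir)
    if stat.S_ISLNK(st.st_mode):
        # A symlinked staging directory can be redirected; report and stop.
        return [(script_dir, "is a symlink")]
    # Write access to the directory allows replacing any script inside it.
    findings += [(script_dir, r) for r in writable_by_untrusted(st, trusted_uids)]
    for name in sorted(os.listdir(script_dir)):
        path = os.path.join(script_dir, name)
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "is a symlink"))
            continue
        findings += [(path, r) for r in writable_by_untrusted(st, trusted_uids)]
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python audit.py <directory holding installer scripts>
    for path, reason in audit_script_dir(sys.argv[1]):
        print(f"{path}: {reason}")
```
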

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2021-34409

Affected Products

Zoom Client Plugin For Sharing
Zoom Client For Meetings
Zoom Rooms For Conference Room