InfoSecBulletin Cybersecurity for mankind
A new set of flaws in Zoom’s software can let hackers take control of systems. Zoom has launched security updates to fix three different flaws in its Windows and iOS apps.
The most serious of these flaws lets authorized attackers gain higher system powers, changing a regular user account into a major administrative risk.
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
Zoom Rooms and Workplace Flaws
The first issue affects Zoom Rooms for Windows. Known as CVE-2026-30906, this serious flaw has a CVSS score of 7.8 out of 10. The flaw comes from a weak point in the software’s installer. If someone already has normal access to a computer, they can use this flaw to gain higher access.
Hackers often use this access to disable security tools, steal important company data, or install ransomware. This weakness affects all versions of Zoom Rooms for Windows before 7.0.0.
Security researcher “sim0nsecurity” discovered a second high-severity bug in the Zoom Workplace VDI Plugin for Windows.
This flaw is dubbed CVE-2026-30905 and has a CVSS score of 7.8. It happens because a file name or path is controlled externally in the software’s Windows Universal Installer.
This Zoom Rooms bug allows a local user with permission to start a privilege escalation attack. It affects the Zoom Workplace VDI Plugin version 6.6.10 and needs a quick update to version 6.6.11 or later.
While Windows systems have the highest risks, mobile users are also impacted by these updates. Zoom Workplace on iOS has a less serious problem known as CVE-2026-30904.
This issue involves a failure of a protection mechanism that could lead to unauthorized information disclosure.
With a CVSS score of 1.8, the risk is low right now because the attacker needs to physically access the target’s iOS device.
However, it still represents a frustrating privacy breach for affected users. Security researcher “errorsec_” reported this flaw, which affects all iOS app versions older than 7.0.0.
Zoom strongly encourages all users, IT admins, and remote workers to install the latest security updates right away. Users can protect their devices by getting the newest, updated software from the official Zoom download center.
