CVE-2020-11470
First published: Wed Apr 01 2020(Updated: )
Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Zoom Client's microphone and camera access.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoom Meetings | <=4.6.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Zoom vulnerability?
The vulnerability ID for this Zoom vulnerability is CVE-2020-11470.
What is the title of this Zoom vulnerability?
The title of this Zoom vulnerability is 'Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement which…'
What is the impact of this Zoom vulnerability?
This Zoom vulnerability allows a local process to obtain unprompted microphone and camera access on macOS.
How can an attacker exploit this Zoom vulnerability?
An attacker can exploit this Zoom vulnerability by loading a crafted library and inheriting Zoom Client's microphone and camera access.
What is the severity rating for this Zoom vulnerability?
The severity rating for this Zoom vulnerability is low.
- collector/nvd-index
- vendor/zoom
- canonical/zoom meetings
- version/zoom meetings/4.6.8