On April 2, Zoom released emergency patches for two zero-day vulnerabilities that were disclosed by a security researcher on April 1, 2020, as well as another flaw that could give remote attackers the ability to steal users' Windows log-in credentials and execute arbitrary commands. Given the sudden mission-critical nature of Zoom, all users should update their Zoom installations immediately. Zoom does not have automatic updates. While it does occasionally notify a user of an available update, the user has to accept and click through the update process:
On either Windows or Mac, click on Update on the window, but if you don't see it:
- For Windows, go to the System Tray, right click on Zoom and select Check for Updates.
- For Mac, click on zoom.us on the menu bar and select Check for Updates
You should be on Version 4.6.9 (19253.0401) for Windows, 4.6.9 (19273.0402) for Mac
You can read more about the vulnerabilities and the disclosure process at the Government Information Security website.
To read the message from the CEO of Zoom regarding increased usage and security concerns: blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/
If you have any questions or concerns, please contact the SOC at security@ucsb.edu.