CVE-2026-53408
Zoom · Workplace
A privilege escalation vulnerability exists in the Zoom Workplace custom URL scheme handler, allowing unauthenticated network-based attackers to elevate their access rights.
Executive summary
An improper authorization vulnerability in the Zoom Workplace URL scheme allows unauthenticated network attackers to escalate privileges within the application.
Vulnerability
This is an improper authorization vulnerability in the handler for the custom URL scheme. An unauthenticated attacker with network access can exploit this flaw to escalate privileges within the application.
Business impact
A CVSS score of 8.1 (High severity) reflects the seriousness of this privilege escalation flaw. If exploited, an attacker could gain unauthorized administrative or elevated access, with potential consequences including data theft, session hijacking, and compromise of communication integrity within the organization.
Remediation
Immediate Action: Update all instances of Zoom Workplace to version 7.0.4 for Android or 7.0.3 for iOS.
Proactive Monitoring: Review enterprise mobile logs for anomalous activity or unexpected URL scheme calls that deviate from standard user behavior.
Compensating Controls: Utilize endpoint security controls to monitor and restrict the execution of custom URL schemes that are not explicitly required for business operations.
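A concrete way to operationalize the "Immediate Action" step: an added example, not part of this advisory and not Zoom tooling, that flags devices whose installed Zoom Workplace build is below the fixed version named here (7.0.4 for Android, 7.0.3 for iOS). The inventory records, device IDs and field names are constructed; adapt the loader to your MDM's export format.

```python
import re
from typing import Dict, List, Tuple

# Fixed versions taken from the advisory's remediation section.
FIXED_VERSION = {"android": "7.0.4", "ios": "7.0.3"}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '7.0.10' into (7, 0, 10) so that 7.0.10 sorts above 7.0.4.

    Plain string comparison gets this wrong ('7.0.10' < '7.0.4'), which
    would mark an already-patched device as compliant or vice versa.
    Trailing build info such as '7.0.4 (1234)' is ignored.
    """
    core = v.strip().split()[0] if v.strip() else ""
    parts = []
    for piece in core.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def is_vulnerable(platform: str, version: str) -> bool:
    """True if this platform/version pair is below the fixed release."""
    fixed = FIXED_VERSION.get(platform.lower())
    if fixed is None:
        raise ValueError(f"unknown platform: {platform!r}")
    return parse_version(version) < parse_version(fixed)


def find_vulnerable(inventory: List[Dict[str, str]]) -> List[str]:
    """Return the device IDs that still need the Zoom Workplace update."""
    return [d["device_id"] for d in inventory
            if is_vulnerable(d["platform"], d["zoom_version"])]


# Constructed sample inventory (hypothetical devices, not real data).
SAMPLE_INVENTORY = [
    {"device_id": "and-001", "platform": "android", "zoom_version": "7.0.3"},
    {"device_id": "and-002", "platform": "android", "zoom_version": "7.0.10"},
    {"device_id": "ios-001", "platform": "ios", "zoom_version": "7.0.2 (901)"},
    {"device_id": "ios-002", "platform": "ios", "zoom_version": "7.0.3"},
]

if __name__ == "__main__":
    for device_id in find_vulnerable(SAMPLE_INVENTORY):
        print(f"{device_id}: Zoom Workplace update required")
```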
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the potential for privilege escalation, it is imperative to enforce the update to the latest versions of Zoom Workplace across all mobile devices. Security teams should prioritize this deployment to prevent unauthorized escalation and ensure platform integrity.