Zoom Security Update

On 11/29/2018, a flaw in the Zoom client (for Windows, Mac, and Linux) allowed an attacker to hijack control of the presenter's desktop, send spoofed messages, and kick attendees out of the Zoom meeting (CVE-2018-15715).

The flaw was due to a lack of message validation in Zoom’s client and servers, and mainly impacted one-on-one (P2P) sessions due to the nature of how information is shared.

As of 12/3/2018, Zoom has patched its servers and pushed out client updates (for Windows, Mac, and Linux) to stop these types of attacks. The update should pop up automatically the next time a user starts the application, if their client is not already up to date.

For more details about this issue, please see:

https://www.tenable.com/blog/tenable-research-advisory-zoom-unauthorized-command-execution-cve-2018-15715

For assistance with any technology product or service at CWRU, please contact the [U]Tech Service Desk at help@case.edu / 216.368.HELP (4357) or visit help.case.edu.