CVE-2024-42441

6.2 MEDIUM

📋 TL;DR

A privilege escalation vulnerability in Zoom's macOS installers allows local privileged users to gain higher system privileges. This affects Zoom Workplace Desktop App, Zoom Meeting SDK, and Zoom Rooms Client for macOS. Only macOS systems with affected Zoom versions are impacted.

💻 Affected Systems

Products:
  • Zoom Workplace Desktop App for macOS
  • Zoom Meeting SDK for macOS
  • Zoom Rooms Client for macOS
Versions: before 6.1.5
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local access and an existing privileged user account on the macOS system.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A local privileged user could gain root-level access to the macOS system, enabling complete system compromise, data theft, and persistence.

🟠 Likely Case

A local administrator or user with sudo privileges could elevate to root to install malware, modify system files, or access other user data.

🟢 If Mitigated

With proper access controls and least privilege principles, impact is limited to authorized administrative actions within expected boundaries.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring existing local access, not remotely exploitable.
🏢 Internal Only: HIGH - Internal users with local administrative privileges could exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and existing user privileges. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.1.5 or later

Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-24034

Restart Required: Yes

Instructions:

1. Open Zoom application.
2. Click your profile picture.
3. Select 'Check for Updates'.
4. Install version 6.1.5 or newer.
5. Restart the application and system if prompted.

🔧 Temporary Workarounds

Remove local admin privileges (platform: all)

Restrict local administrative access to minimize attack surface.

Disable affected Zoom applications (platform: macOS)

Temporarily disable Zoom until patching is possible by removing the application bundle:

sudo rm -rf /Applications/zoom.us.app

🧯 If You Can't Patch

  • Implement strict least privilege access controls for local user accounts
  • Monitor for unusual privilege escalation attempts using macOS security logs

🔍 How to Verify

Check if Vulnerable:

Check Zoom version in application settings or run: defaults read /Applications/zoom.us.app/Contents/Info.plist CFBundleShortVersionString

Check Version:

defaults read /Applications/zoom.us.app/Contents/Info.plist CFBundleShortVersionString

Verify Fix Applied:

Verify version is 6.1.5 or higher using the same command

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation events in macOS system logs
  • Zoom installer processes running with unexpected privileges

Network Indicators:

  • None - this is a local privilege escalation

SIEM Query:

source="macos_system_logs" AND (event="privilege_escalation" OR (process="zoom" AND action="install"))
