Path Traversal in Zoom for Android Clients
Description
A path traversal vulnerability in Zoom for Android prior to 5.13.0 allows a third-party app to read and write the Zoom application data directory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability [1]. A malicious third-party app installed on the same device can exploit this flaw to read from and write to the Zoom application data directory. The vulnerability exists in the file handling logic of the Zoom Android client, allowing directory traversal outside of the intended sandbox.
Exploitation
An attacker requires the ability to install a third-party app on the victim's Android device. No additional authentication or user interaction beyond installation of the malicious app is needed. The exploit leverages the path traversal weakness to access files in the Zoom app's private data directory, bypassing Android's normal app sandbox restrictions.
Impact
Successful exploitation allows an attacker to read sensitive data stored by the Zoom application (such as chat logs, meeting recordings, or cached credentials) and write arbitrary files into the Zoom data directory. This could lead to further compromise of the application’s integrity or data injection attacks.
Mitigation
Zoom released version 5.13.0 for Android to address this vulnerability [1]. Users should update their Zoom client to 5.13.0 or later via the Google Play Store or Zoom's official channel. No workaround is available; updating is the recommended mitigation.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <5.13.0
- Zoom Video Communications Inc/Zoom for Android v5, Range: unspecified
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (1)
News mentions
No linked articles in our index yet.