{"id":46643,"date":"2025-09-09T15:23:21","date_gmt":"2025-09-09T08:23:21","guid":{"rendered":"https:\/\/antoanthongtinhaiphong.gov.vn\/?p=46643"},"modified":"2025-09-12T15:24:03","modified_gmt":"2025-09-12T08:24:03","slug":"zoom-va-nhieu-lo-hong-bao-mat-quan-trong-tren-windows-va-macos","status":"publish","type":"post","link":"https:\/\/antoanthongtinhaiphong.gov.vn\/zoom-va-nhieu-lo-hong-bao-mat-quan-trong-tren-windows-va-macos\/","title":{"rendered":"Zoom patches multiple important security vulnerabilities on Windows and macOS"},"content":{"rendered":"<p><b>Zoom has just released an important security update for its applications, including Zoom Workplace and the clients on both Windows and macOS, to fix multiple vulnerabilities ranging in severity from medium to high.<\/b><\/p>\n<p>The latest patch focuses in particular on a high-severity \u201cMissing Authorization\u201d vulnerability, tracked as CVE-2025-49459, which affects Zoom Workplace on Windows ARM. 
This vulnerability could allow an attacker to perform actions beyond their privileges, thereby seriously threatening the application's security.<\/p>\n<p>Alongside the serious vulnerability, Zoom also fixed several medium-severity issues in the Windows and macOS clients, including:<\/p>\n<ul>\n<li data-xf-list-type=\"ul\">In Zoom Workplace for Windows\n<ul>\n<li data-xf-list-type=\"ul\">CVE-2025-58135: Improper Action Enforcement, which may allow actions beyond the permitted privileges to be performed<\/li>\n<li data-xf-list-type=\"ul\">CVE-2025-58134: Incorrect Authorization, which may let a user exceed their access rights<\/li>\n<\/ul>\n<\/li>\n<li data-xf-list-type=\"ul\">In multiple Zoom Workplace clients\n<ul>\n<li data-xf-list-type=\"ul\">CVE-2025-49458: Buffer Overflow, which could lead to arbitrary code execution<\/li>\n<li data-xf-list-type=\"ul\">CVE-2025-49460: Argument Injection, which allows malicious arguments to be injected to manipulate application behavior<\/li>\n<li data-xf-list-type=\"ul\">CVE-2025-49461: Cross-site Scripting (XSS), which may inject malicious code into web pages that users view<\/li>\n<\/ul>\n<\/li>\n<li data-xf-list-type=\"ul\">In the Zoom Workplace VDI Plugin macOS Universal installer used with VMware Horizon\n<ul>\n<li data-xf-list-type=\"ul\">CVE-2025-58131: Race Condition, which may cause unpredictable behavior, from denial of service to privilege escalation<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Zoom advises users to always update the software to the latest version to receive all security patches and improvements. This patch was released just one month after Zoom addressed the critical vulnerability CVE-2025-49457, an untrusted search path issue in the Windows client that could allow privilege escalation, with a CVSS score of 9.6, underscoring the risk of running older versions.<\/p>\n<p>The continued discovery of vulnerabilities, from critical to medium severity, shows the importance of applying updates promptly for both individual users and organizations. Delaying updates exposes systems to the risk of attack, including data theft, denial of service and even full system compromise. 
Users can download the latest version of Zoom from the official website or through the application's update channel.<\/p>\n<div style=\"text-align: right;\"><b><i>According to Cyber Security News<\/i><\/b><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Zoom has just released an important security update for its applications, including Zoom Workplace and the clients on both Windows and macOS, to fix multiple vulnerabilities ranging in severity from medium to high. The latest patch focuses in particular on a [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":46644,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[3,35],"tags":[],"class_list":["post-46643","post","type-post","status-publish","format-standard","has-post-thumbnail","category-canh-bao-khuyen-nghi","category-tin-tuc-su-kien"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/46643","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/comments?post=46643"}],"version-history":[{"count":1,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/46643\/revisions"}],"predecessor-version":[{"id":46645,"href":"https:\/\/
antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/46643\/revisions\/46645"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media\/46644"}],"wp:attachment":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media?parent=46643"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/categories?post=46643"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/tags?post=46643"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}