[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-zoom-fixes-critical-account-takeover-bug-in-windows-clients":10,"sections":40},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":22,"persona_id":22,"persona_name":22,"section":30,"tags":31,"sources":35,"feedback":39,"feedback_at":22,"cost_usd":39,"total_tokens":39},4764,"zoom-fixes-critical-account-takeover-bug-in-windows-clients","Zoom Fixes Critical Account-Takeover Bug in Windows Clients","A 9.8-severity input validation flaw in Zoom's Windows desktop client and VDI products could have let attackers hijack accounts remotely.","Zoom has patched a critical remote account-takeover vulnerability affecting several of its Windows products.\n\nThe bug, tracked as CVE-2026-53412 and scored 9.8 out of 10, stems from improper input validation in Zoom Desktop Client for Windows before version 7.0.0, Zoom Meeting SDK for Windows before 7.0.0, and Zoom VDI Client for Windows before versions 7.0.10, 6.6.15, and 6.5.18. Zoom's advisory offers no technical detail on how the flaw could be triggered, which is standard practice when patches are fresh. The company says all four vulnerabilities described in the advisory were found internally and have not been exploited in the wild.\n\nThree additional high-severity bugs round out the patch batch. CVE-2026-53410, a TOCTOU race condition scored 7.0, hits Zoom Workplace for Windows before 7.0.5, VDI Client and VDI Plugin before 6.5.17 and 6.6.14, Zoom Rooms for Windows before 7.0.5, and Remote Control for Zoom Contact Center before 7.0.0. CVE-2026-53409, an improper privilege management flaw, affects Zoom Rooms for Windows before 7.1.0. CVE-2026-53411, another input validation issue, targets the Zoom Workplace VDI Plugin for Windows before 6.6.14. Defenders running VDI or Rooms deployments have the most specific version thresholds to check.\n\nFor a platform that spent 2020 and 2021 under a microscope for security missteps — end-to-end encryption that wasn't, Zoombombing, routing calls through China — self-reporting a near-perfect-score flaw before anyone exploits it is the kind of boring-good headline Zoom's security team probably prefers.","[\"security\",\"zoom\",\"vulnerabilities\",\"windows\"]","2026-07-16T14:20:00.000Z","2026-07-16T15:06:37.907Z","2026-07-16T15:06:40.774Z","published",null,[24],{"id":25,"reviewer":26,"round":27,"reason":28,"status":29},"editor-r1","editor",1,"The article omits the specific version thresholds for the VDI Client (before 7.0.10, 6.6.15, and 6.5.18) and for the three additional CVEs (e.g., CVE-2026-53410 affects Workplace for Windows before 7.0.5, VDI before 6.5.17\u002F6.6.14, Rooms before 7.0.5, and Remote Control before 7.0.0; CVE-2026-53409 affects Rooms before 7.1.0; CVE-2026-53411 affects VDI Plugin before 6.6.14) — these are concrete, available specifics that defenders need and the source provides, and omitting them violates the public","resolved","security",[30,32,33,34],"zoom","vulnerabilities","windows",[36],{"name":37,"url":38},"TechRadar","https:\u002F\u002Fwww.techradar.com\u002Fpro\u002Fsecurity\u002Fzoom-patches-critical-security-flaw-which-could-have-let-hackers-hijack-accounts",0,{"sections":41},[42,47,51,56,61,66,71,76,81,86,91,96,101,106],{"name":43,"slug":44,"count":45,"latest_published_at":46},"AI","ai",2595,"2026-07-16T13:43:58.000Z",{"name":48,"slug":30,"count":49,"latest_published_at":50},"Security",301,"2026-07-16T16:05:00.000Z",{"name":52,"slug":53,"count":54,"latest_published_at":55},"Deals","deals",179,"2026-06-29T20:02:07.000Z",{"name":57,"slug":58,"count":59,"latest_published_at":60},"Policy","policy",162,"2026-07-16T18:16:53.000Z",{"name":62,"slug":63,"count":64,"latest_published_at":65},"Hardware","hardware",125,"2026-07-16T15:39:09.000Z",{"name":67,"slug":68,"count":69,"latest_published_at":70},"Consumer Tech","consumer-tech",94,"2026-07-16T16:29:46.000Z",{"name":72,"slug":73,"count":74,"latest_published_at":75},"Software","software",71,"2026-07-16T15:33:28.000Z",{"name":77,"slug":78,"count":79,"latest_published_at":80},"Science","science",66,"2026-07-10T10:29:37.000Z",{"name":82,"slug":83,"count":84,"latest_published_at":85},"Dev Tools","dev-tools",60,"2026-07-16T16:59:13.000Z",{"name":87,"slug":88,"count":89,"latest_published_at":90},"Startups","startups",42,"2026-07-16T16:30:35.000Z",{"name":92,"slug":93,"count":94,"latest_published_at":95},"Gaming","gaming",41,"2026-07-09T04:00:00.000Z",{"name":97,"slug":98,"count":99,"latest_published_at":100},"General","general",29,"2026-07-10T22:28:58.000Z",{"name":102,"slug":103,"count":104,"latest_published_at":105},"Reviews","reviews",20,"2026-06-24T12:00:01.000Z",{"name":107,"slug":108,"count":109,"latest_published_at":110},"How-To","how-to",6,"2026-06-16T09:00:00.000Z"]