Zoom and Ivanti: Patch Now or Face the Tech Apocalypse!

Ivanti and Zoom have released patches for vulnerabilities including high-severity issues like code execution and privilege escalation. Ivanti fixed bugs in Endpoint Manager, while Zoom addressed flaws in mobile and desktop clients. Although no exploits have been reported, users are urged to update to avoid becoming a hacker’s next favorite target.

Hot Take:

Ivanti and Zoom have joined forces in a new competition: the race to patch vulnerabilities before cybercriminals make their next move. With every patch, they get one step closer to turning a vulnerability into just a ghost of a security threat past. Who knew software patching could be such an adrenaline-pumping spectator sport?

Key Points:

  • Ivanti patches three vulnerabilities in Endpoint Manager, including two from a previous list of 13 unpatched issues.
  • Two of Ivanti’s vulnerabilities involve path traversal and insecure deserialization, while the third concerns default permissions.
  • Zoom addresses nine vulnerabilities in its mobile and desktop clients, with three marked as high-severity.
  • Zoom’s high-severity flaws lead to privilege escalation, affecting iOS, Android, and Windows clients.
  • Neither Ivanti nor Zoom reports active exploitation of these vulnerabilities in the wild.

Ivanti: The Bugbuster Chronicles

Ivanti’s Endpoint Manager (EPM) has been busy this October, getting more attention than a celebrity on a red carpet. The company announced patches for three vulnerabilities, two of which were previously disclosed by Trend Micro’s Zero Day Initiative (ZDI) in their list of 13 unpatched EPM defects. It’s like a game of whack-a-mole, but instead of moles, it’s pesky vulnerabilities that need to be squashed before they can cause any harm.

The first two vulnerabilities, CVE-2025-9713 and CVE-2025-11622, are reminiscent of a Hollywood thriller with themes of path traversal and insecure deserialization. Meanwhile, the third vulnerability, CVE-2025-10918, is an insecure default permissions issue, reminding us that sometimes even software has a rebellious streak when it comes to following rules.

Ivanti assures users that nobody has been exploited through these vulnerabilities, which is comforting news. It’s like finding out your favorite celebrity didn’t actually get involved in that scandalous rumor. Users are advised to update their EPM deployments faster than you can say “patch it up!”

Zoom’s Patch-tastic Adventure

Zoom is on a mission to keep its users’ meetings drama-free with a series of patches addressing nine vulnerabilities. It’s almost as if they’re trying to make up for all those times we accidentally unmuted ourselves during a meeting. In this patch-fest, three vulnerabilities were deemed high-severity, with potential for privilege escalation.

The first two high-severity issues, CVE-2025-62484 and CVE-2025-64741, affect Zoom’s iOS and Android apps, while the third, CVE-2025-64740, impacts the Zoom Workplace VDI Client for Windows. It’s like a plot twist where the villain turns out to be an unexpected character hiding in the mobile apps all along.

Meanwhile, five medium-severity flaws could lead to information disclosure, impacting Zoom’s desktop applications for Linux, macOS, and Windows. Think of it as Zoom’s version of a security spring cleaning. The sixth medium-severity issue, an XSS defect, threatens application integrity without the need for authentication. It’s the kind of bug that tries to sneak past security like a teenager sneaking into a late-night movie.

Despite these vulnerabilities, Zoom reassures users that there’s no evidence of exploitation happening in the wild. It’s a relief to know that our virtual meetings remain safe from mischievous hackers looking to crash our party.

The Nimble Nerd