The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulnerability (CVE-2022-28756) in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
Zoom Video Communications Inc. has issued a patch for a vulnerability revealed by security researcher Patrick Wardle at the annual DEF CON Conference last week.
The vulnerability, designated CVE-2022-28756, was found in Zoom for macOS versions 5.7.3 to 5.11.3 and potentially allowed an attacker to gain access to and take over an Apple Inc. computer through Zoom’s package installer. It carries a CVSS score of 8.8, and all Mac Zoom users are recommended to update to the latest version of Zoom, 5.11.5, as soon as possible.
The flaw lies in the way Zoom’s auto-update client communicates with a privileged daemon (a background service). In a two-step process, an attacker targeting a Zoom user on a Mac could bypass the verification check within Zoom and trick the update manager into either downgrading Zoom to an earlier, more easily exploitable version or installing an entirely different package. Once that first stage succeeded, the more vulnerable version of Zoom, or the substituted package, would allow the attacker to gain root access to the victim’s Mac.
In response to the disclosure, Zoom acknowledged the flaw (CVE-2022-28756) and says a fix is included in version 5.11.5 of the Mac app, which you can download now. To update, open the app on your Mac and click zoom.* (the menu name may differ depending on your country) in the menu bar at the top of the screen, then select Check for updates.
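Two defender-side checks that follow from the article, written here as an added example rather than Zoom’s own code: whether an installed Zoom for macOS build falls in the affected range (5.7.3 up to but not including 5.11.5), and the policy a privileged updater must enforce so that a low-privileged caller cannot push a downgrade or an unrelated package. The Info.plist path and the bundle identifier are assumptions.

```python
"""Added example for CVE-2022-28756 (not Zoom's code)."""
import plistlib
import re
from pathlib import Path
from typing import Optional, Tuple

AFFECTED_MIN = (5, 7, 3)   # first affected build, from the advisory
FIXED = (5, 11, 5)         # first fixed build, from the advisory
# Assumed location of the app bundle's Info.plist; adjust for your install.
ZOOM_PLIST = Path("/Applications/zoom.us.app/Contents/Info.plist")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '5.11.3 (9874)' into (5, 11, 3); a trailing build number is ignored."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(version: str) -> bool:
    """True if the given Zoom version is inside the vulnerable range."""
    return AFFECTED_MIN <= parse_version(version) < FIXED


def installed_zoom_version(plist_path: Path = ZOOM_PLIST) -> Optional[str]:
    """Read CFBundleShortVersionString from the app bundle; None if not installed."""
    if not plist_path.exists():
        return None
    with plist_path.open("rb") as fh:
        return plistlib.load(fh).get("CFBundleShortVersionString")


def update_allowed(installed: str, candidate: str, signature_valid: bool,
                   bundle_id: str, expected_bundle_id: str = "us.zoom.xos") -> Tuple[bool, str]:
    """Policy a privileged updater should enforce before installing a package.

    The expected bundle id is an assumed value; pass your own if it differs.
    Rejects unsigned packages, packages for a different app, and downgrades,
    which are the three conditions the article describes being abused.
    """
    if not signature_valid:
        return False, "signature"
    if bundle_id != expected_bundle_id:
        return False, "package"
    if parse_version(candidate) < parse_version(installed):
        return False, "downgrade"
    return True, "ok"


if __name__ == "__main__":
    v = installed_zoom_version()
    print("Zoom not found" if v is None else f"{v}: affected={is_affected(v)}")
```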