CVE-2022-22785 The Zoom Client for Meetings 5.10.0 failed to properly constrain client session cookies to Zoom domains.

We have patched this issue in all new installations of the Zoom Client for Meetings. As a best practice, you can constrain client session cookies to the Zoom domain. For more information about how to do this, see our blog post at https://www.zoom.co/blogs/f/6/ How do I know if I am affected? If you are using the Zoom Client for Meetings on an affected platform (listed above), then you may have been affected by this issue. If you are using the Zoom Client for Meetings on a patched platform, then you have been patched. What should I do? As a best practice, you can constrain client session cookies to the Zoom domain. For more information about how to do this, see our blog post at https://www.zoom.co/blogs/f/6/

Zoom Client for Meetings - Critical severity:

We have patched this issue in all new installations of the Zoom Client for Meetings. As a best practice, you can constrain client session cookies to the Zoom domain. For more information about how to do this, see our blog post at https://www.zoom.co/blogs/f/6/

What is the Zoom Client for Meetings?

The Zoom Client for Meetings is a powerful and easy-to-use tool that lets people in your company easily start phone, audio, or video meetings. It is accessible from any device with a web browser, so people can start meetings from almost anywhere they have an internet connection.
This announcement is part of Zoom’s continuous effort to protect our customers and their data. Our team is committed to ensuring that we provide the most secure experience possible while maintaining the highest levels of performance.
We sincerely apologize for the inconvenience you experienced during this time. If you would like further assistance, please contact us at help@zoom.us

How to verify if you are affected by the issue

If you are using the Zoom Client for Meetings on an affected platform, then you may have been affected by this issue. To verify if you are affected, please follow these steps below:
1. Install and launch the Zoom Client for Meetings
2. Click the Help Menu in the upper-right corner of your desktop screen
3. Select About -> Check if I am Affected

Timeline

Published on: 05/18/2022 16:15:00 UTC
Last modified on: 05/27/2022 16:13:00 UTC

References

• https://explore.zoom.us/en/trust/security/security-bulletin
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22785