CVE-2022-28762 The Zoom Client for Meetings for Macs starting with 5.10.6 has a misconfiguration of a debugging port.

This could be used for example to launch other malware or perform other potentially unwanted actions. Zoom for meetings is a collaborative presentation and meeting app that allows users to share a presentation or a meeting from the Zoom cloud or from a local device. Zoom for meetings is provided as a web app via an extension for Google Chrome, Mozilla Firefox, and Microsoft Edge. Zoom Client for Meetings is a separate desktop app that is used to control the Zoom App running in the browser. Starting with Zoom 5.12.0, Zoom for meetings is updated to fix this issue.

Zoom 5.12.0

Zoom for meetings is updated to fix a vulnerability that was found in Zoom 5.12.0 and earlier releases. The vulnerability allows an attacker to gain access to the Zoom Client for Meetings running on a computer by setting the zoom-media-player default browser setting to "chrome".

Zoom for meetings

Zoom for meetings is a collaborative presentation and meeting app that allows users to share a presentation or a meeting from the Zoom cloud or from a local device. Zoom for meetings is provided as a web app via an extension for Google Chrome, Mozilla Firefox, and Microsoft Edge.

Zoom for Meetings: Overview

Zoom for meetings is a collaborative presentation and meeting app that allows users to share a presentation or a meeting from the Zoom cloud or from a local device. The extension for Google Chrome, Mozilla Firefox, and Microsoft Edge provides the web interface and desktop control panels for Zoom.

Timeline

Published on: 10/14/2022 15:15:00 UTC
Last modified on: 10/17/2022 17:52:00 UTC

References

• https://explore.zoom.us/en/trust/security/security-bulletin/
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28762