Zoom Patches High-Severity Flaw in macOS Client
Video messaging platform Zoom released a patch last week for a high-severity flaw in its client for macOS devices.
The vulnerability (tracked as CVE-2022-28762) is a debugging port misconfiguration affecting versions from 5.10.6 up to, but not including, 5.12.0, and carries a CVSS v3.1 base score of 7.3 out of 10.
“When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client,” the company wrote on its security bulletin page last week.
According to the video messaging firm, if exploited, the flaw could allow a malicious actor to connect to their client and control the Zoom Apps running in it.
From a technical standpoint, Zoom Apps are integrations with external apps that users can access from within the video messaging platform. They include tools such as Miro, Dropbox Spaces and Asana, among others.
The flaw has been spotted by Zoom’s own security team and fully patched in the latest version of the macOS client (5.12.0), which is now available on the company’s website and via settings in already installed iterations of the video messaging platform.
“Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates,” the tech firm wrote.
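As an added example (not from the article or from Zoom), a POSIX shell check a defender could run on a macOS fleet to tell whether the installed Zoom client falls in the affected range stated above; the app bundle path and the CFBundleShortVersionString key are assumptions.

```shell
#!/bin/sh
# Added example (not from the article or Zoom): tests whether a Zoom for macOS
# version string lies in the range affected by CVE-2022-28762, i.e.
# 5.10.6 <= version < 5.12.0, 5.12.0 being the fixed release the bulletin names.
# Assumes numeric dotted versions; the plist path and key below are assumptions.

# Compare two dotted version strings; prints -1, 0 or 1.
vercmp() {
  a=$1; b=$2; i=1
  while :; do
    x=$(printf '%s\n' "$a" | cut -d. -f"$i")
    y=$(printf '%s\n' "$b" | cut -d. -f"$i")
    # No more components on either side: versions are equal.
    [ -z "$x" ] && [ -z "$y" ] && { printf '%s\n' 0; return; }
    # Keep digits only and treat a missing component as 0 (5.12 == 5.12.0).
    x=$(printf '%s' "$x" | tr -cd '0-9'); y=$(printf '%s' "$y" | tr -cd '0-9')
    x=${x:-0}; y=${y:-0}
    [ "$x" -lt "$y" ] && { printf '%s\n' -1; return; }
    [ "$x" -gt "$y" ] && { printf '%s\n' 1; return; }
    i=$((i + 1))
  done
}

# Exit status 0 if the version is in the affected range, 1 otherwise.
zoom_affected() {
  v=${1%% *}   # drop a build suffix such as " (9876)" if present
  [ "$(vercmp "$v" 5.10.6)" -ge 0 ] && [ "$(vercmp "$v" 5.12.0)" -lt 0 ]
}

# Read the installed client version from the app bundle (macOS only;
# the bundle path and CFBundleShortVersionString key are assumptions).
installed_zoom_version() {
  plist=${1:-/Applications/zoom.us.app/Contents/Info.plist}
  /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$plist" 2>/dev/null
}

if v=$(installed_zoom_version) && [ -n "$v" ]; then
  if zoom_affected "$v"; then
    printf 'Zoom %s is in the affected range; update to 5.12.0 or later\n' "$v"
  else
    printf 'Zoom %s is outside the affected range\n' "$v"
  fi
else
  printf 'Zoom for macOS not found at the assumed path\n'
fi
```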
The security bulletin comes months after Ivan Fratric from Google Project Zero discovered four vulnerabilities (now patched) that could be exploited to compromise users over chat by sending certain Extensible Messaging and Presence Protocol (XMPP) messages and executing malicious code.
More recently, an investigation by cybersecurity company Cyfirma suggested the threat actors known as FIN11 (and Clop) may have impersonated web download pages of the Zoom application to run phishing campaigns against targets worldwide.