PT-2019-13427 · Zoom · Zoom Client

Vakzz · Published 2019-07-12 · Updated 2020-08-24 · CVE-2019-13567

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Zoom Client versions prior to 4.4.53932.0709

Description
The issue allows remote code execution if the ZoomOpener daemon is running but the Zoom Client is not installed or cannot be opened. An attacker can exploit this by using a maliciously crafted launch URL. The ZoomOpener daemon can be removed by the Apple Malware Removal Tool (MRT) if it is enabled and has the 2019-07-10 MRTConfigData.

Recommendations
For Zoom Client versions prior to 4.4.53932.0709, update to version 4.4.53932.0709 or later to resolve the issue. As a temporary workaround, consider disabling the ZoomOpener daemon until a patch is available. Restrict access to any launch URLs that could potentially exploit the vulnerability to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2019-13567

Affected Products

Zoom Client