PT-2022-19216 · Zoom · Zoom Client For Meetings

Published: 2022-10-14 · Updated: 2022-10-19 · CVE-2022-28762

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Zoom Client for Meetings for macOS (Standard and for IT Admin) versions 5.10.6 through 5.11.x

Description

The issue is related to a debugging port misconfiguration in the Zoom client. When the camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client. This could potentially allow the malicious user to capture sensitive data, such as passwords and access tokens, or to capture audio or video without entering the application.

Recommendations

For Zoom Client for Meetings for macOS (Standard and for IT Admin) versions 5.10.6 through 5.11.x, update to version 5.12.0 or later to resolve the issue. As a temporary workaround, consider disabling the use of the Zoom App Layers API or restricting access to the debugging port until the update is applied.

Related Identifiers

CVE-2022-28762

Affected Products

Zoom Client For Meetings