PT-2022-4374 · Zoom · Zoom Client For Meetings

Published

2022-08-17

Updated

2022-08-23

CVE-2022-28757

CVSS v3.1

8.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zoom Client for Meetings for macOS versions 5.7.3 through 5.11.6

Description The issue is related to a vulnerability in the auto update process, which could allow a local low-privileged user to escalate their privileges to root. This is due to incorrect verification of cryptographic signatures.

Recommendations For versions 5.7.3 through 5.11.6, update to a version newer than 5.11.6 to resolve the issue. As a temporary workaround, consider disabling the auto update process until a patch is available.

Fix

Insufficient Verification of Data Authenticity

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-345CWE-347

Related Identifiers

BDU:2022-05237

CVE-2022-28757

Affected Products

Zoom Client For Meetings

PT-2022-4374 · Zoom · Zoom Client For Meetings

CVE-2022-28757

Weakness Enumeration

Related Identifiers

Affected Products

References · 5