PT-2022-4375 · Zoom · Zoom Client For Meetings

Patrick Wardle · Published 2022-08-17 · Updated 2022-08-19 · CVE-2022-28751

CVSS v3.1: 8.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Zoom Client for Meetings versions prior to 5.11.3

Description

The issue is related to incorrect cryptographic signature validation in the update process of the Zoom Client for Meetings for macOS. This could allow a local low-privileged user to exploit the vulnerability and escalate their privileges to root.

Recommendations

For versions prior to 5.11.3, update to version 5.11.3 or later to resolve the issue. As a temporary workaround, consider restricting the update process until a patch is applied.

Fix

Weakness Enumeration

Improper Verification of Cryptographic Signature

Related Identifiers

BDU:2022-05238
CVE-2022-28751

Affected Products

Zoom Client For Meetings