PT-2022-5815 · Zoom · Zoom Client for Meetings Installer for macOS

Published: 2022-11-15 · Updated: 2022-11-22 · CVE-2022-28768

CVSS v3.1: 8.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Zoom Client for Meetings Installer for macOS versions prior to 5.12.6

Description

The issue is a local privilege escalation vulnerability. It is caused by a race condition during the copying of resources, which a local low-privileged user could exploit during the install process to escalate their privileges to root.

Recommendations

For versions prior to 5.12.6, update to version 5.12.6 or later to resolve the issue. As a temporary workaround until the patch is applied, consider restricting use of the Zoom Client for Meetings Installer for macOS to authorized personnel only.

Fix

Race Condition

Weakness Enumeration

Related Identifiers

BDU:2022-07221
CVE-2022-28768

Affected Products

Zoom Client for Meetings Installer for macOS