PT-2023-13509 · Zoom · Zoom Rooms for macOS

Published

2023-01-09

·

Updated

2023-01-13

·

CVE-2022-36925

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Zoom Rooms for macOS versions prior to 5.11.4

Description

Zoom Rooms for macOS generated the encryption key used for Inter-Process Communication (IPC) between the Zoom Rooms daemon service and the Zoom Rooms client from parameters that a local, low-privileged application can obtain. A local attacker who recomputes that key can interact with the daemon service as if it were the legitimate client, execute privileged functions, and potentially cause a local denial of service.
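The following is an added illustration of the weakness class described above, not code from Zoom or from this advisory. It uses constructed, hypothetical "public parameters" (hostname, bundle identifier, version) as stand-ins for whatever observable state the real key derivation used, and a toy HMAC-authenticated IPC message to show why a key that any local process can recompute gives that process the daemon's privileges, whereas a key drawn from the OS CSPRNG and shared only over a protected channel does not.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins for "parameters obtainable by a local low-privileged
# application". These are hypothetical; they are not the parameters Zoom Rooms
# actually used, only values any local process could plausibly read.
PUBLIC_PARAMS = {
    "hostname": "room-display-01.local",
    "bundle_id": "us.zoom.ZoomRooms",
    "daemon_version": "5.11.3",
}


def derive_weak_key(params: dict) -> bytes:
    """Weak pattern: the IPC key is a deterministic function of values that
    are not secret. Every process that can read the same values recomputes
    exactly the same key, so the key provides no authentication."""
    material = "|".join(f"{k}={params[k]}" for k in sorted(params))
    return hashlib.sha256(material.encode()).digest()


def generate_strong_key() -> bytes:
    """Hardened pattern: a 256-bit key from the OS CSPRNG. It cannot be
    recomputed from observable state; it must instead be handed to the client
    through a channel the attacker cannot read (for example a key file owned
    by the daemon's user with mode 0600)."""
    return secrets.token_bytes(32)


def sign_ipc_message(key: bytes, payload: bytes) -> bytes:
    """Toy IPC authentication: HMAC-SHA256 over the request payload."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def daemon_accepts(daemon_key: bytes, payload: bytes, tag: bytes) -> bool:
    """The daemon executes a request only if the tag verifies under its key."""
    expected = sign_ipc_message(daemon_key, payload)
    return hmac.compare_digest(expected, tag)


def attacker_can_forge(daemon_key: bytes, attacker_key: bytes,
                       payload: bytes = b"PRIV:restart_room_service") -> bool:
    """A low-privileged process tags a privileged request with its own guess
    at the key and submits it to the daemon."""
    tag = sign_ipc_message(attacker_key, payload)
    return daemon_accepts(daemon_key, payload, tag)


def demo() -> tuple:
    """Returns (forged_with_weak_key, forged_with_strong_key)."""
    # Vulnerable configuration: daemon and attacker both derive from public state.
    weak_daemon_key = derive_weak_key(PUBLIC_PARAMS)
    weak_forged = attacker_can_forge(weak_daemon_key, derive_weak_key(PUBLIC_PARAMS))

    # Hardened configuration: daemon uses a random key the attacker never sees;
    # the attacker still only has the public parameters to work from.
    strong_daemon_key = generate_strong_key()
    strong_forged = attacker_can_forge(strong_daemon_key, derive_weak_key(PUBLIC_PARAMS))
    return weak_forged, strong_forged


if __name__ == "__main__":
    weak, strong = demo()
    print(f"privileged request accepted with derived key:  {weak}")
    print(f"privileged request accepted with random key:   {strong}")
```

The point the example makes is that the strength of the HMAC is irrelevant: with a key derived from non-secret inputs, the authenticated IPC channel is only as private as those inputs, and on a shared machine that is not private at all. A random key closes the recomputation path; keeping the key file unreadable to other local users and verifying the connecting peer's identity on the IPC socket are the complementary controls.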
Recommendations

Update Zoom Rooms for macOS to version 5.11.4 or later, which resolves the issue. Until the update is applied, restrict access to the Zoom Rooms daemon service as a temporary workaround to reduce the exposure of its privileged functions to local low-privileged applications.

Fix

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

CVE-2022-36925

Affected Products

Zoom Rooms for macOS