Some existing versions of Zoom for Mac may expose parts of your computer’s controls to malicious attackers, and you may not even realize that the company warned you.
The problem – identified as CVE-2022-28762 – is believed to affect the Zoom client for macOS in versions 5.10.6 up to, but not including, 5.12.0.
To check which version of the videoconferencing platform you have, open the Zoom desktop client on your Mac and go to “zoom.us” in the systray. There, check the build number under “About Zoom” and select “Check for Updates …” if necessary.
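For administrators who need to run the same check across many Macs, it can be scripted. The following is an added example, not code from Zoom or from the original article; it assumes the default install path and that the bundle's `CFBundleShortVersionString` carries the client version, and it compares versions numerically so that 5.9.x is not mistaken for something newer than 5.10.x.

```shell
#!/bin/sh
# Added example: flags a macOS Zoom client in the range the article gives
# for CVE-2022-28762 (5.10.6 <= version < 5.12.0).

# Assumption: default install location; adjust for per-user installs.
APP_PLIST="/Applications/zoom.us.app/Contents/Info.plist"

# Turn "5.10.6", "5.10.6.1234" or "5.10.6 (1234)" into one comparable integer.
# Only major.minor.patch is used; any build suffix is ignored.
ver_key() {
    v=${1%% *}
    IFS=. read -r major minor patch _build <<EOF
$v
EOF
    for part in "$major" "$minor" "$patch"; do
        case $part in
            ''|*[!0-9]*|0[0-9]*) return 1 ;;   # missing, non-numeric, or leading zero
        esac
    done
    echo $(( major * 1000000 + minor * 1000 + patch ))
}

# Exit status: 0 = in the affected range, 1 = outside it, 2 = unparsable.
is_affected() {
    key=$(ver_key "$1") || return 2
    [ "$key" -ge 5010006 ] && [ "$key" -lt 5012000 ]
}

# Print a one-line verdict for the locally installed client.
report_installed() {
    installed=$(/usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$APP_PLIST") || return 0
    rc=0
    is_affected "$installed" || rc=$?
    case $rc in
        0) echo "AFFECTED: Zoom $installed; update to 5.12.0 or later" ;;
        1) echo "OK: Zoom $installed is outside 5.10.6 <= v < 5.12.0" ;;
        *) echo "UNKNOWN: could not parse version '$installed'" ;;
    esac
}

if [ -f "$APP_PLIST" ]; then
    report_installed
else
    echo "Zoom not found at $APP_PLIST"
fi
```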
Zoom bugs and updates
“When the rendering context in camera mode is enabled as part of the Zoom App Layers API by launching certain Zoom applications, the local debug port is opened by the Zoom client,” the company’s report reads.
This means that a local malicious user can use the exposed debug port to connect to and control the macOS Zoom client.
The issue received a CVSS score of 7.3, which rates it as high severity. Zoom recommends that all users keep up to date with the most recent version of its software to protect against such vulnerabilities.
This isn’t the first time Zoom has reported bugs in its macOS desktop client – or indeed across its entire software suite – all of which are recorded in the company’s Security Bulletin.
Despite some fairly serious setbacks in recent years, Zoom remains an extremely popular videoconferencing platform and VoIP provider for many businesses and educational establishments, so much so that, according to data we saw earlier this year, it may be more popular than Microsoft Teams.