Zoom Vulnerability MacOS

Threat Intelligence from DigitalXRAID’s Security Operations Centre analysts:

A new vulnerability has been found in Zoom Client for Meetings for MacOS involving a debugging port misconfiguration. This was found by Zoom’s internal security team.

Read more about the CVE detail here: CVE-2022-24472
The CVSS (Common Vulnerability Scoring System) Severity Score has been rated as: 7.3 (High)

The vulnerability resides within a local debugging port, which is opened by the Zoom client when certain Zoom Apps are running.

The debugging port gives information about the configuration of the application, but also allows for commands to be run by the user for debugging purposes. Threat actors could potentially connect to the port and subsequently control the open Zoom applications without the end user being aware, as commands which are given through a debugging port are generally independent from the regular user interface of the application. This vulnerability affects the Zoom client on versions 5.10.6 to 5.12.0.

To remediate against this vulnerability, Zoom recommend updating to the latest version of Zoom. To check if the latest version is installed on MacOS, go to the main zoom.us menu and select check for updates.

If you discover that you’ve suffered a breach as a result of this or any other vulnerability, and need help urgently, get in contact with us. You can call our emergency line on 0800 066 4509 to speak to one of our experts. They’re available 24 hours a day, 7 days a week. Bookmark this page in case you ever need us.   

If you need any support in mitigating any risks this vulnerability may have on your business, please don’t hesitate to get in contact.