CVE-2022-28756: Zoom Client for Meetings for macOS Privilege Escalation Flaw
A newly discovered flaw in the Zoom Client for Meetings for macOS could be exploited by a local user to gain root access on macOS.
Tracked as CVE-2022-28756 (CVSS score 8.8), the vulnerability affects Zoom for macOS from version 5.7.3 up to, but not including, 5.11.5 and allows a local, low-privileged attacker to escalate to root.
According to Patrick Wardle, a security researcher and founder of the Objective-See Foundation, who presented the findings at DEF CON 2022, the Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulnerability in its auto-update process. Wardle found two flaws. The first sits in a core cryptographic validation routine, where the check is subtly weaker than it appears; the second stems from a nuanced trust issue between Zoom's client and its privileged helper component. Because the update is applied by the privileged helper, a weakness in either check gives a local attacker a route to root.
In response to the disclosures, Zoom acknowledged the flaw (CVE-2022-28756) and said a fix is included in version 5.11.5 of the Mac client, which is available now. To update, open the app, click the zoom.us menu in the menu bar at the top of the screen (the menu name may differ depending on your locale), and select Check for Updates.
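As an added check for the affected range (example code written for this page, not Zoom's own tooling), the following Python script reads the installed client's version from its Info.plist and reports whether it falls in 5.7.3 up to but not including 5.11.5. The bundle path /Applications/zoom.us.app, the CFBundleShortVersionString key and the embedded sample plist are assumptions constructed for the example; the version parser also tolerates the "5.11.5 (build)" form that Zoom's About box shows.

```python
"""Report whether an installed Zoom macOS client is in the CVE-2022-28756 range."""
import plistlib
import re
from pathlib import Path
from typing import Optional, Tuple

# Range stated for the CVE: 5.7.3 <= version < 5.11.5
FIRST_AFFECTED = (5, 7, 3)
FIXED_IN = (5, 11, 5)

# Assumed location of the Zoom app bundle and the plist key that carries the
# marketing version (both are assumptions for this example).
DEFAULT_PLIST = Path("/Applications/zoom.us.app/Contents/Info.plist")
VERSION_KEY = "CFBundleShortVersionString"

# Constructed sample Info.plist used to exercise the parser offline.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CFBundleShortVersionString</key>
    <string>5.11.4 (1234)</string>
</dict>
</plist>
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Return the leading dotted-numeric part of a version string as an int tuple.

    A trailing build number such as " (9723)" is ignored, so "5.11.5 (9723)"
    compares equal to "5.11.5".
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(version: str) -> bool:
    """True if the version lies in [5.7.3, 5.11.5), the range named for the CVE."""
    return FIRST_AFFECTED <= parse_version(version) < FIXED_IN


def version_from_plist_bytes(data: bytes) -> Optional[str]:
    """Extract the bundle version from raw Info.plist bytes (None if absent)."""
    info = plistlib.loads(data)
    value = info.get(VERSION_KEY)
    return str(value) if value is not None else None


def installed_zoom_version(plist_path: Path = DEFAULT_PLIST) -> Optional[str]:
    """Read the bundle version from disk; None if no Zoom bundle is at that path."""
    if not plist_path.is_file():
        return None
    return version_from_plist_bytes(plist_path.read_bytes())


def assess(version: str) -> str:
    """Human-readable verdict for a given version string."""
    if is_affected(version):
        return f"Zoom {version} is affected by CVE-2022-28756: update to 5.11.5 or later"
    return f"Zoom {version} is not in the affected range"


def report(plist_path: Path = DEFAULT_PLIST) -> str:
    """Verdict for the client installed at plist_path."""
    version = installed_zoom_version(plist_path)
    if version is None:
        return f"Zoom not found at {plist_path}"
    return assess(version)


if __name__ == "__main__":
    print(report())
```

Run it on the Mac in question; on any other OS it simply reports that no bundle was found at the assumed path. Note that a version check only tells you whether the fix is installed, not whether the auto-updater has already been abused, so treat it as a patch-status check rather than a compromise assessment.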