Some existing versions of Zoom for Mac could expose your computer’s controls to attackers and you might not even know it, the company warned.
The issue, which has been identified as CVE-2022-28762, is believed to be present in macOS Zoom client versions from 5.10.6 up to, but not including, 5.12.0.
To check which version of the video conferencing platform you have, open the Zoom desktop client on Mac and go to “zoom.us” in the taskbar. From here, check the build number under “About Zoom” and select “Check for updates…” if necessary.
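The same check can be scripted for a fleet of Macs. The sketch below is an added example, not code from Zoom or from the original article: it classifies a version string against the range given above and, where a Zoom bundle is present, reads the installed version. The function names are illustrative, and the bundle path and `CFBundleShortVersionString` format are assumptions about a default install.

```shell
#!/bin/sh
# Added example (not Zoom's or the article's code): classify a Zoom for Mac
# version against the range the article gives for CVE-2022-28762.
FIRST_AFFECTED="5.10.6"   # article: affected from 5.10.6 ...
FIRST_FIXED="5.12.0"      # ... up to, but not including, 5.12.0

# ver_lt A B: succeeds when dotted version A is numerically lower than B.
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}          # missing components count as 0
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1                          # equal versions are not "lower"
}

# zoom_status STRING: prints affected | not-affected | below-range | unknown.
# Accepts "5.11.3", "5.11.3 (9065)" or "Version: 5.11.3 (9065)".
# below-range = older than the stated range; still out of date, so update.
zoom_status() {
    v=$(printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9.]*\).*/\1/p')
    if [ -z "$v" ]; then echo unknown
    elif ver_lt "$v" "$FIRST_AFFECTED"; then echo below-range
    elif ver_lt "$v" "$FIRST_FIXED"; then echo affected
    else echo not-affected
    fi
}

# installed_zoom_version [PLIST]: reads the version string from the app bundle.
# Assumption: default install path and CFBundleShortVersionString key.
installed_zoom_version() {
    plist=${1:-/Applications/zoom.us.app/Contents/Info.plist}
    [ -f "$plist" ] || return 1
    /usr/bin/defaults read "$plist" CFBundleShortVersionString 2>/dev/null
}

# Report on this machine only when a Zoom bundle is actually present.
if v_installed=$(installed_zoom_version); then
    echo "Zoom $v_installed: $(zoom_status "$v_installed")"
fi
```

The comparison is numeric per component, so 5.9.x sorts below 5.10.x, which a plain string comparison would get wrong.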
Zoom bugs and updates
“When the camera mode rendering context is enabled as part of the Zoom App Layers API when certain Zoom Apps are launched, a local debug port is exposed to Zoom clients,” the company’s advisory says.
This means that a local malicious user can use the open debug port to connect to and control the macOS Zoom client.
The issue was given a CVSS score of 7.3, making it a high severity issue. Zoom recommends that all users use the most recent version of their software to protect themselves from such vulnerabilities.
This isn’t the first time Zoom has reported bugs in its macOS desktop client, and across its entire software suite, all of which are reported in the company’s security bulletin.
Despite some pretty serious mishaps over the years, Zoom remains an incredibly popular video conferencing platform and VoIP provider for many businesses and educational institutions, to the point that it may be more popular than Microsoft Teams, going by numbers we saw earlier this year.
https://www.techradar.com/news/zoom-for-mac-users-should-update-now-to-fix-a-massive-security-flaw/