16 Aug. (Portaltic/EP) –
Zoom has urged users of its Mac client to download the new version, which corrects a vulnerability in the automatic update function that allows attackers to access and take control of the system.
The technology company has reported a high-severity vulnerability, identified as CVE-2022-28756, present in the automatic update function, which is activated by default. Exploiting it would allow escalation to root privileges.
Patrick Wardle, founder of the Objective-See Foundation, warned last week of the vulnerability in a talk at the Defcon cybersecurity conference. Among other actions, an attacker could install an older version of the Zoom client or enable ‘exploits’.
Mahalo to everybody who came to my @defcon talk “You’re M̶u̶t̶e̶d̶ Rooted”. Was stoked to talk about (& live-demo) a local priv-esc vulnerability in Zoom (for macOS). Currently there is no patch. Slides with full details & PoC exploit: https://t.co/viee0Yd5o2 #0day pic.twitter.com/9dW7DdUm7P
— patrick wardle (@patrickwardle) August 12, 2022
This vulnerability is present in the Mac client both from version 5.7.3 onward and in versions prior to 5.11.5, as indicated by Zoom in its security bulletin. The company has already released a new version that users will have to install manually.