Zoom released a patch last week that fixes a high-severity flaw in its client for macOS devices. The video messaging platform identified the vulnerability, tracked as CVE-2022-28762, as a debugging port misconfiguration that affects versions between 5.10.6 and 5.12.0. The flaw has been assigned a score of 7.3 out of 10 on the Common Vulnerability Scoring System (CVSS). In a security bulletin published last week, Zoom stated that the flaw is triggered when camera mode rendering context is enabled and that the Zoom client opens a local debugging port. If exploited, a malicious actor could leverage the flaw to connect to the user's client and control the Zoom Apps running in it.
Zoom Apps are integrations with external apps, such as Asana, Dropbox, and Miro, that can be accessed from within the platform. The flaw was identified by security researchers at Zoom and is fully patched through the update. Users can protect themselves by installing the update or downloading the latest Zoom software with all current security updates.
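An added example (not from Zoom or the original article) of how an administrator could triage macOS hosts for this issue: it flags client versions in the affected range and lists TCP listeners owned by a Zoom process in `lsof` output. The boundary handling (5.10.6 affected, 5.12.0 treated as fixed), the `zoom` process-name match and the sample data are assumptions.

```python
import re

AFFECTED_MIN = (5, 10, 6)  # lowest affected version named in the article
FIXED_IN = (5, 12, 0)      # assumption: 5.12.0 itself is the fixed build

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output; the PIDs,
# user name and port numbers are invented for illustration.
SAMPLE_LSOF = """\
COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
zoom.us  4211 alice   52u  IPv4 0xa1b2c3      0t0  TCP 127.0.0.1:50123 (LISTEN)
rapportd  612 alice    4u  IPv6 0xd4e5f6      0t0  TCP *:49152 (LISTEN)
"""

def parse_version(text):
    """Return the leading dotted version as a tuple, e.g. '5.11.3 (1234)'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())

def is_affected(version_text):
    # Compare numerically: as strings, '5.9.9' would sort after '5.10.6'.
    return AFFECTED_MIN <= parse_version(version_text) < FIXED_IN

def zoom_listeners(lsof_text, name="zoom"):
    """Return (pid, address, port) for listening sockets of matching processes."""
    found = []
    for line in lsof_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[-1] != "(LISTEN)":
            continue
        if name not in fields[0].lower():
            continue
        addr, _, port = fields[-2].rpartition(":")   # also handles [::1]:port
        found.append((int(fields[1]), addr, int(port)))
    return found

def audit(version_text, lsof_text):
    """Combine both checks into one finding for an inventory report."""
    return {"affected": is_affected(version_text),
            "listeners": zoom_listeners(lsof_text)}

if __name__ == "__main__":
    print(audit("5.11.3 (1234)", SAMPLE_LSOF))
```
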