April 1, 2023

Zoom has patched a high-severity flaw in its client for macOS devices. Tracked CVE-2022-28762 with a CVSS score of 7.3, refers to a debugging port misconfiguration affecting versions between 5.10.6 and 5.12.0.

The flaw, if exploited could allow a malicious actor to connect to their client and control the Zoom Apps running in it.

Zoom Apps are integrations with external apps that users can access from within the video messaging platform. They include tools such as Miro, Dropbox Spaces and Asana.

Advertisements

The flaw has been spotted by Zoom’s own security team and fully patched in the latest version of the macOS client (5.12.0), which is now available on the company’s website and via settings in already installed iterations of the video messaging platform.

The security bulletin comes months after Google Project Zero researchers discovered four vulnerabilities that could be exploited to compromise users over chat by sending certain Extensible Messaging and Presence Protocol messages and executing malicious code. These are patched now.

Tags:

Leave a Reply

You may have missed

Cylance Ransomware Dissection

Cylance Ransomware Dissection

April 1, 2023
WordPress Elementor Pro Plugin Vulnerability

WordPress Elementor Pro Plugin Vulnerability

April 1, 2023
QNAP Critical Sudo Vulnerability

QNAP Critical Sudo Vulnerability

March 31, 2023
AlienFox Malware Toolset -SwissArmy Knife

AlienFox Malware Toolset -SwissArmy Knife

March 31, 2023
3CX Application Malvertised

3CX Application Malvertised

March 31, 2023
Microsoft Azure Super FabriXss Bug

Microsoft Azure Super FabriXss Bug

March 31, 2023
%d bloggers like this: