"Zoom Patches High-Severity Flaw in macOS Client"

Video messaging platform Zoom recently released a new patch to a high-severity flaw in its client for macOS devices.  The vulnerability (tracked CVE-2022-28762) refers to a debugging port misconfiguration affecting versions starting with 5.10.6 and prior to 5.12.0 and has a CVSS score of 7.3 out of 10.  Zoom noted that when camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client.  If exploited, the flaw could allow a malicious actor to connect to their client and control the Zoom Apps running in it.  The flaw was spotted by Zoom’s own security team and was fully patched in the latest version of the macOS client (5.12.0), which is now available on the company’s website and via settings in already installed iterations of the video messaging platform.

Infosecurity reports: "Zoom Patches High-Severity Flaw in macOS Client"