Some existing versions of Zoom for Mac could expose parts of your computer’s controls to malicious attackers, and you may not even know it, the company has warned.
The issue – identified as CVE-2022-28762 – is believed to be present in macOS Zoom client versions 5.10.6 through 5.12.0 (excluded).
To check which version of the video conferencing platform you have, open the Zoom desktop client on a Mac and go to ‘zoom.us’ in the taskbar. From here check your build number in ‘About Zoom’ and follow ‘Check for updates…’ if necessary.
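For administrators who need to run the same check across many Macs, here is a scripted version. It is an added example, not code from Zoom or from the original article. It assumes the client is installed at /Applications/zoom.us.app and that its Info.plist holds the version in CFBundleShortVersionString; the function names are illustrative.

```shell
#!/bin/sh
# Added example: flag macOS Zoom client versions inside the range the article
# gives for CVE-2022-28762: 5.10.6 up to, but NOT including, 5.12.0.

# ver_to_int "MAJOR.MINOR.PATCH[...]" -> one comparable integer.
# Anything after the dotted number (e.g. a " (11933)" build suffix) is dropped,
# and only the first three fields are used.
ver_to_int() {
    printf '%s\n' "$1" | awk '{
        sub(/[^0-9.].*$/, "")
        split($0, p, /\./)
        printf "%d\n", p[1] * 1000000 + p[2] * 1000 + p[3]
    }'
}

# is_affected VERSION -> exit status 0 if 5.10.6 <= VERSION < 5.12.0.
is_affected() {
    n=$(ver_to_int "$1")
    [ "$n" -ge "$(ver_to_int 5.10.6)" ] && [ "$n" -lt "$(ver_to_int 5.12.0)" ]
}

# installed_zoom_version [PLIST] -> prints the installed version string.
# Assumption: default install path and CFBundleShortVersionString key.
installed_zoom_version() {
    plist="${1:-/Applications/zoom.us.app/Contents/Info.plist}"
    [ -f "$plist" ] || return 1
    /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$plist" 2>/dev/null
}

if v=$(installed_zoom_version); then
    if is_affected "$v"; then
        echo "Zoom $v is in the affected range: update to 5.12.0 or later"
    else
        echo "Zoom $v is outside the affected range"
    fi
else
    echo "Zoom client not found at the assumed default path"
fi
```
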
Zoom bugs and updates
“When the camera mode display context is enabled as part of the Zoom App Layers API by running certain Zoom apps, a local debug port is opened by the Zoom client,” the company advises.
This means that a local malicious user can use the exposed debug port to connect to – and control – the macOS Zoom client.
The problem has been given a CVSS score of 7.3, making it very serious. Zoom recommends that all users use the most up-to-date version of its software to protect themselves against such vulnerabilities.
This isn’t the first time Zoom has reported bugs in its macOS desktop client, and indeed across its entire software suite, all of which have been reported in the company’s Security Bulletin.
Despite some pretty serious mishaps in recent years, Zoom continues to be an incredibly popular video conferencing platform and VoIP provider for many businesses and educational institutions, to the extent that, according to figures we saw earlier this year, it may be more popular than Microsoft Teams.