According to the most recent research, three recently discovered security flaws in Zoom can give an attacker root or SYSTEM access and the ability to execute malicious programs. Two high-severity vulnerabilities, CVE-2022-28768 and CVE-2022-36924, are local privilege escalation issues that could eventually result in an attacker taking control of the affected system.
CVSS Score: 8.8
A local low-privileged user could exploit CVE-2022-28768 (CVSS score of 8.8), which is tied to the install process, to escalate their privileges to root.
Affected Products: Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6
CVSS Score: 8.8
A local low-privileged user could exploit CVE-2022-36924 (CVSS score of 8.8) during the install process to escalate their privileges to the SYSTEM user.
Affected Products: Zoom Rooms Installer for Windows before version 5.12.
CVSS Score: 8.1
CVE-2022-28766 (CVSS score of 8.1) is a DLL injection vulnerability that impacts Windows 32-bit versions of the Zoom Client for Meetings before version 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6.
Affected Products:
- Zoom Client for Meetings for Windows (32-bit) prior to 5.12.6
- Zoom VDI Windows Meeting Client for Windows (32-bit) prior to 5.12.6
- Zoom Rooms for Conference Room for Windows (32-bit) prior to 5.12.6
Users can help keep themselves secure by installing recent updates or downloading the most recent Zoom software, which includes all the most recent security fixes.
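To find which machines still need those updates, the sketch below checks a software inventory against the affected products and fixed versions listed above. It is an added example, not code from Zoom or from the original article; the inventory record layout (`host`, `product`, `platform`, `arch`, `version`) and all sample hosts are assumptions constructed for illustration.

```python
import re

# (CVE, product, platform, arch or None for any, fixed version), all values
# as printed in the article. The inventory record layout is an assumption.
ADVISORIES = [
    ("CVE-2022-28768", "Zoom Client for Meetings Installer", "macos", None, "5.12.6"),
    ("CVE-2022-36924", "Zoom Rooms Installer", "windows", None, "5.12"),
    ("CVE-2022-28766", "Zoom Client for Meetings", "windows", "x86", "5.12.6"),
    ("CVE-2022-28766", "Zoom VDI Windows Meeting Client", "windows", "x86", "5.12.6"),
    ("CVE-2022-28766", "Zoom Rooms for Conference Room", "windows", "x86", "5.12.6"),
]

def parse_version(text):
    """Turn '5.12.2 (11434)' or '5.9' into a 3-part integer tuple."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in match.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def affected_cves(record):
    """Return the CVEs from the article that apply to one inventory record."""
    installed = parse_version(record["version"])
    hits = []
    for cve, product, platform, arch, fixed in ADVISORIES:
        if (record["product"], record["platform"]) != (product, platform):
            continue
        if arch is not None and record["arch"] != arch:
            continue  # CVE-2022-28766 only concerns 32-bit Windows builds
        if installed < parse_version(fixed):  # numeric, so 5.9.1 < 5.12.6
            hits.append(cve)
    return hits

def triage(inventory):
    report = {}
    for record in inventory:
        for cve in affected_cves(record):
            report.setdefault(record["host"], []).append(cve)
    return report

# Constructed sample inventory (hosts, versions and build numbers are made up).
SAMPLE = [
    {"host": "win-01", "product": "Zoom Client for Meetings", "platform": "windows", "arch": "x86", "version": "5.9.1 (1000)"},
    {"host": "win-02", "product": "Zoom Client for Meetings", "platform": "windows", "arch": "x64", "version": "5.9.1 (1000)"},
    {"host": "win-03", "product": "Zoom Client for Meetings", "platform": "windows", "arch": "x86", "version": "5.12.6 (2000)"},
    {"host": "mac-01", "product": "Zoom Client for Meetings Installer", "platform": "macos", "arch": "arm64", "version": "5.12.2"},
    {"host": "room-01", "product": "Zoom Rooms Installer", "platform": "windows", "arch": "x64", "version": "5.11.0"},
]
```

Versions are compared as integer tuples because a plain string comparison would rank 5.9.1 above 5.12.6 and miss the outdated client on `win-01`.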