The online video-conferencing app Zoom, has released a new update for its macOS app fixing the bug that allowed attackers to gain access to the system. On its security bulletin, Zoom mentions that the update fixes the high severity issue marked CVE-2022-28756.
The fix is rolling out with the Zoom version 5.11.5 for macOS. You should immediately update the Zoom app on your Mac to the latest version to avoid any issues.
As per the security bulletin, the version 5.7.3 to version 5.11.3 of the Zoom macOS app contained a vulnerability that can be exploited by local low-privileged users to gain root privileges to the macOS.
Last week, a security researcher reported that a bad actor can gain system’s access through the macOS version of the Zoom app. In a response, Zoom said that it has fixed the issue but apparently an unpatched vulnerability could still be dangerous to macOS systems. However, the latest update fixes the issue.
A bad actor can use the exploit to target the Zoom installer, requiring special user permissions to run. Using the Zoom installer tool, hackers can fool the installer into installing a malicious program by putting the app’s cryptographic signature on the package. And here on, attackers can then gain further access to the system, allowing them to modify, delete, or even add files.
If you are using the Zoom on your Mac, then update to the latest version marked 5.11.5. To update Zoom, select zoom.us from the menu bar, then check for updates, and click the update button.