Zoom for Mac users should update now to fix a massive security flaw

Some existing versions of Zoom for Mac could be exposing parts of your computer’s controls to malicious attackers, and you may not even be aware, the company has warned.

The issue – which has been identified as CVE-2022-28762 – is thought to be present in macOS Zoom client versions 5.10.6 to 5.12.0 (excluded).

To check which version of the video conferencing platform you have, open the Zoom desktop client on a Mac and head to ‘zoom.us’ in the taskbar. From here, check your build number in ‘About Zoom’ and follow ‘Check for updates…’ if necessary.

Zoom bugs and updates

“When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client,” the company’s advisory reads.

This means that a local malicious user is able to use the exposed debugging port to connect – and control – the macOS Zoom client.

The issue has been given a CVSS score of 7.3, rendering it of high severity. Zoom recommends that all users remain on the most up-to-date version of its software in order to protect themselves against such vulnerabilities. 

This isn’t the first time that Zoom has reported bugs in its macOS desktop client – and indeed its entire software package – which are all logged on the company’s Security Bulletin.

Despite some pretty serious mishaps in years gone by, Zoom remains an incredibly popular video conferencing platform and VoIP provider for many businesses and educational establishments, to the degree that it may be more popular than Microsoft Teams according to figures we saw, earlier this year.