CVE-2022-28762: CWE-16 Misconfiguration in Zoom Video Communications Inc Zoom Client for Meetings for MacOS
Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client.
AI Analysis
Technical Summary
CVE-2022-28762 is a high-severity vulnerability affecting Zoom Client for Meetings for macOS, in client versions starting from 5.10.6 up to but not including 5.12.0. The vulnerability arises from a misconfiguration: a debugging port is opened locally when the camera mode rendering context is enabled via the Zoom App Layers API. This API allows certain Zoom Apps to run within the Zoom client, and when it is activated, the client inadvertently opens a local debugging port. A local malicious user with low privileges can connect to this debugging port and gain control over the Zoom Apps running inside the Zoom client. This control could allow the attacker to manipulate app behavior, potentially leading to unauthorized access to sensitive information or disruption of app functionality. The vulnerability is classified under CWE-16, which relates to improper configuration issues. The CVSS v3.1 base score is 7.3, indicating high severity. The vector shows that the attack requires local access (AV:L), low attack complexity (AC:L), low privileges (PR:L) and no user interaction (UI:N), with high impact on confidentiality and integrity (C:H/I:H) and low impact on availability (A:L). No known exploits in the wild have been reported, and no patches are explicitly linked in the provided data, so users should verify their Zoom client versions and update to 5.12.0 or later, where this issue is presumably fixed.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially in environments where macOS devices are used for business communications via Zoom. Since the attack requires local access, the threat comes primarily from insiders or from attackers who have already compromised a machine. Once the vulnerability is exploited, however, the attacker can control Zoom Apps, potentially leading to leakage of confidential meeting content, unauthorized manipulation of meeting-related data, or disruption of communication workflows. This could impact the confidentiality and integrity of sensitive corporate communications, intellectual property, and personal data, which is critical under GDPR. The disruption or manipulation of Zoom Apps could also affect business continuity and trust in communication platforms. Organizations with remote or hybrid workforces relying heavily on Zoom for meetings are particularly vulnerable. Because exploitation requires no user interaction, the risk increases: the attack can be automated or executed stealthily once local access is obtained.
Mitigation Recommendations
European organizations should immediately verify the Zoom Client for Meetings version on all macOS endpoints and upgrade to version 5.12.0 or later, where this vulnerability is addressed. Since the vulnerability requires local access, enforcing strict endpoint security controls is critical: implement strong access controls, limit local user privileges, and monitor for unauthorized local access attempts. Employ endpoint detection and response (EDR) solutions to detect suspicious activity related to Zoom processes or unusual local port usage. Disable or restrict the use of Zoom Apps that require the camera mode rendering context or the Zoom App Layers API if not essential. Conduct regular audits of installed Zoom Apps and their permissions. Additionally, educate users about the risks of local privilege escalation and insider threats. Network segmentation and endpoint isolation can further reduce the risk of lateral movement by attackers who gain local access. Finally, maintain up-to-date backups and incident response plans tailored to potential exploitation scenarios involving communication platforms.
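The first checks recommended above (client version against the affected range, and unusual local port usage by Zoom processes) as an added example; it is not Zoom's code or part of the original advisory. The process-name pattern `zoom` is an assumption, and the sample `lsof` lines, PIDs, port numbers and build number are constructed, since the advisory does not state which port is opened.

```shell
#!/usr/bin/env bash
# Added example (not Zoom's code): endpoint triage for CVE-2022-28762.

# ver_lt A B: succeed if dotted numeric version A is strictly lower than B.
ver_lt() {
  local IFS=. i
  local -a a=($1) b=($2)
  for i in 0 1 2 3; do
    if (( 10#${a[i]:-0} < 10#${b[i]:-0} )); then return 0; fi
    if (( 10#${a[i]:-0} > 10#${b[i]:-0} )); then return 1; fi
  done
  return 1
}

# zoom_is_affected VERSION: 0 = inside the advisory's range (5.10.6 <= v < 5.12.0),
# 1 = outside it, 2 = not a dotted numeric version (treat as "unknown", not "safe").
zoom_is_affected() {
  local v=${1%% *} re='^[0-9]+(\.[0-9]+){1,3}$'   # "5.11.3 (9065)" -> "5.11.3"
  [[ $v =~ $re ]] || return 2
  if ver_lt "$v" 5.10.6; then return 1; fi
  if ver_lt "$v" 5.12.0; then return 0; fi
  return 1
}

# zoom_listeners [PATTERN]: read `lsof -nP -iTCP -sTCP:LISTEN` output on stdin and
# print "PID ADDRESS:PORT" for each listening socket whose command matches PATTERN.
# PATTERN defaults to "zoom", an assumed process-name match; adjust per fleet.
zoom_listeners() {
  awk -v pat="${1:-zoom}" \
    'NR > 1 && tolower($1) ~ pat && $NF == "(LISTEN)" { print $2, $(NF - 1) }'
}

# Constructed sample input: PIDs, users, port numbers and build number are made up.
sample_lsof() {
  cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
zoom.us  4242 alice  57u  IPv4 0xabc       0t0  TCP 127.0.0.1:49152 (LISTEN)
rapportd  611 alice   4u  IPv4 0xdef       0t0  TCP *:49160 (LISTEN)
EOF
}

# Demo on constructed values: numeric comparison matters (5.9.x < 5.10.x).
for v in "5.10.5" "5.10.6" "5.11.12 (9065)" "5.12.0"; do
  rc=0; zoom_is_affected "$v" || rc=$?
  echo "zoom $v -> $rc (0 = affected)"
done
sample_lsof | zoom_listeners | sed 's/^/listening socket to review: pid /'
```

On an endpoint, pass the installed client's `CFBundleShortVersionString` to `zoom_is_affected` and pipe `lsof -nP -iTCP -sTCP:LISTEN` into `zoom_listeners`. A return code of 2 means the version could not be parsed and should be followed up rather than read as unaffected.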
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Ireland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Zoom
- Date Reserved: 2022-04-06T00:00:00.000Z
- CISA Enriched: true
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 682cd0fb1484d88663aec99f
Added to database: 5/20/2025, 6:59:07 PM
Last enriched: 7/6/2025, 2:56:06 PM
Last updated: 2/6/2026, 9:25:43 AM