CVE-2022-28762: CWE-16 Misconfiguration in Zoom Video Communications Inc Zoom Client for Meetings for MacOS

Severity: High
Tags: Vulnerability, CVE-2022-28762, cve, cve-2022-28762, cwe-16
Published: Fri Oct 14 2022 (10/14/2022, 14:51:13 UTC)
Source: CVE
Vendor/Project: Zoom Video Communications Inc
Product: Zoom Client for Meetings for MacOS

Description

Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client.

AI-Powered Analysis

AI analysis last updated: 07/06/2025, 14:56:06 UTC

Technical Analysis

CVE-2022-28762 is a high-severity vulnerability affecting Zoom Client for Meetings on macOS versions starting from 5.10.6 up to but not including 5.12.0. The vulnerability arises from a misconfiguration related to a debugging port that is opened locally when the camera mode rendering context is enabled via the Zoom App Layers API. This API allows certain Zoom Apps to run within the Zoom client, and when activated, it inadvertently opens a local debugging port. A local malicious user with low privileges can connect to this debugging port and gain control over the Zoom Apps running inside the Zoom client. This control could allow the attacker to manipulate app behavior, potentially leading to unauthorized access to sensitive information or disruption of app functionality.

The vulnerability is classified under CWE-16, which relates to improper configuration issues. The CVSS v3.1 base score is 7.3, indicating high severity. The vector shows that the attack requires local access (AV:L), low attack complexity (AC:L), low privileges (PR:L), and no user interaction (UI:N), with a high impact on confidentiality and integrity (C:H/I:H) and a low impact on availability (A:L). No known exploits in the wild have been reported, and no patches are explicitly linked in the provided data, so users should verify their Zoom client versions and update to 5.12.0 or later, where this issue is presumably fixed.

Potential Impact

For European organizations, this vulnerability poses a significant risk especially in environments where macOS devices are used for business communications via Zoom. Since the attack requires local access, the threat is primarily from insider threats or attackers who have already compromised a machine. However, once exploited, the attacker can control Zoom Apps, potentially leading to leakage of confidential meeting content, unauthorized manipulation of meeting-related data, or disruption of communication workflows. This could impact confidentiality and integrity of sensitive corporate communications, intellectual property, and personal data, which is critical under GDPR regulations. The disruption or manipulation of Zoom Apps could also affect business continuity and trust in communication platforms. Organizations with remote or hybrid workforces relying heavily on Zoom for meetings are particularly vulnerable. The lack of user interaction required for exploitation increases the risk, as the attack can be automated or executed stealthily once local access is obtained.

Mitigation Recommendations

European organizations should immediately verify the Zoom Client for Meetings version on all macOS endpoints and upgrade to version 5.12.0 or later, where this vulnerability is addressed. Since the vulnerability requires local access, enforcing strict endpoint security controls is critical: implement strong access controls, limit local user privileges, and monitor for unauthorized local access attempts. Employ endpoint detection and response (EDR) solutions to detect suspicious activity related to Zoom processes or unusual local port usage. Disable or restrict the use of Zoom Apps that require the camera mode rendering context or the Zoom App Layers API if not essential. Conduct regular audits of installed Zoom Apps and their permissions. Additionally, educate users about the risks of local privilege escalation and insider threats. Network segmentation and endpoint isolation can further reduce the risk of lateral movement by attackers who gain local access. Finally, maintain up-to-date backups and incident response plans tailored to potential exploitation scenarios involving communication platforms.
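The version check and local-port review recommended above, as an added example (not part of the original advisory and not Zoom's code): a POSIX shell helper that tests a version string against the affected range 5.10.6 up to but not including 5.12.0, and lists TCP listeners owned by a Zoom process from `lsof` output. The install path, the `zoom` command-name prefix, and the sample `lsof` lines are assumptions or constructed values.

```shell
#!/bin/sh
# Added example: endpoint audit helper for CVE-2022-28762 (not Zoom's code).

# Assumption: default install location of the macOS client.
ZOOM_PLIST=/Applications/zoom.us.app/Contents/Info

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output; the PIDs,
# users and port numbers are made up for illustration.
SAMPLE_LSOF='COMMAND   PID  USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
zoom.us  4121 alice 42u  IPv4 0x1a2b      0t0  TCP 127.0.0.1:50123 (LISTEN)
rapportd  512 alice  9u  IPv4 0x3c4d      0t0  TCP *:49152 (LISTEN)'

# Exit 0 if the version is in the advisory's affected range
# (5.10.6 <= v < 5.12.0), 1 if outside it, 2 if it cannot be parsed.
# Accepts "5.11.3", "5.11.3 (9065)" and "5.11.3.9065".
zoom_is_affected() {
  v=${1%% *}
  IFS=. read -r maj min pat _build <<EOF
$v
EOF
  case "$maj.$min.$pat" in *[!0-9.]*|.*|*..*|*.) return 2 ;; esac
  [ "$maj" -eq 5 ] || return 1
  { [ "$min" -eq 10 ] && [ "$pat" -ge 6 ]; } || [ "$min" -eq 11 ]
}

# Read lsof output on stdin; print "PID ADDR:PORT scope" for each TCP
# listener whose command name starts with "zoom" (assumed process name).
zoom_listeners() {
  awk '$1 ~ /^zoom/ && $NF == "(LISTEN)" {
    addr = $(NF - 1)
    scope = (addr ~ /^(127\.|\[::1\])/) ? "loopback" : "non-loopback"
    print $2, addr, scope
  }'
}

# Run both checks on the local macOS host.
audit_local() {
  ver=$(defaults read "$ZOOM_PLIST" CFBundleShortVersionString 2>/dev/null) ||
    { echo "Zoom not found at $ZOOM_PLIST.plist"; return 0; }
  rc=0; zoom_is_affected "$ver" || rc=$?
  case $rc in
    0) echo "AFFECTED: Zoom $ver; upgrade to 5.12.0 or later" ;;
    1) echo "OK: Zoom $ver is outside the affected range" ;;
    *) echo "UNKNOWN: cannot parse version '$ver'" ;;
  esac
  lsof -nP -iTCP -sTCP:LISTEN 2>/dev/null | zoom_listeners
}

if [ "${1:-}" = "--audit" ]; then audit_local; fi
```

Run it with `--audit` on a macOS endpoint. A listener reported for a Zoom process is a prompt for review on an affected version, not proof by itself that the debugging port is open.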

Technical Details

Data Version: 5.1
Assigner Short Name: Zoom
Date Reserved: 2022-04-06T00:00:00.000Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682cd0fb1484d88663aec99f

Added to database: 5/20/2025, 6:59:07 PM

Last enriched: 7/6/2025, 2:56:06 PM

Last updated: 8/14/2025, 7:24:26 PM
