CVE-2022-28768 : Security Advisory and Response
Zoom has identified a local privilege escalation vulnerability in the Zoom Client for Meetings Installer for macOS. Explore impact, technical details, affected systems, mitigation steps, and prevention methods.
Zoom has identified a local privilege escalation vulnerability in the Zoom Client for Meetings Installer for macOS. This CVE allows a low-privileged local user to escalate their privileges to root during the installation process.
Understanding CVE-2022-28768
This section provides insights into the vulnerability and its impact.
What is CVE-2022-28768?
The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 is affected by a local privilege escalation vulnerability. This allows a local low-privileged user to escalate their privileges to root during the install process.
The Impact of CVE-2022-28768
The vulnerability poses a high risk as it can be exploited by a malicious actor to gain elevated privileges on the system, potentially leading to unauthorized access and control over the affected macOS device.
Technical Details of CVE-2022-28768
Explore the specifics of this vulnerability.
Vulnerability Description
The CVE-2022-28768 vulnerability is categorized under CWE-689: Permission Race Condition During Resource Copy. It has a CVSS v3.1 base score of 8.8 (High) with high impact on confidentiality, integrity, and availability of the system.
Affected Systems and Versions
- Vendor: Zoom Video Communications Inc
- Product: Zoom Client for Meetings Installer for macOS (Standard and for IT Admin)
- Affected Version: Unspecified, less than 5.12.6
Exploitation Mechanism
The vulnerability can be exploited by a local low-privileged user to manipulate the installation process and gain root privileges, potentially compromising the security of the macOS device.
Mitigation and Prevention
Discover the measures to address and prevent the CVE-2022-28768 vulnerability.
Immediate Steps to Take
Users are advised to update Zoom Client for Meetings Installer for macOS to version 5.12.6 or later to mitigate the risk of local privilege escalation.
Long-Term Security Practices
Maintain regular software updates and security patches to protect systems from known vulnerabilities and security threats.
Patching and Updates
Ensure timely installation of security patches provided by Zoom to address identified vulnerabilities and enhance the overall security posture of macOS devices.