Online video collaboration platform Zoom has reportedly fixed the most dangerous vulnerability on Apple’s macOS that could allow hackers to take control of a user’s operating system when they open the meeting app.
The company announced in a security update that the Zoom client for meetings prior to macOS 5.7.3 and 5.11.5 “contains a vulnerability in the automatic update process.”
“A local user with low privileges could exploit this vulnerability to escalate to root,” the company said.
Zoom confirmed the issue (CVE-2022-28756) and said a fix has been released in version 5.11.5 of the app on Mac, which users can download now.
Previously, a security researcher found a way for attackers to use the macOS version of Zoom to gain access to the entire operating system.
Mac security expert Patrick Wardle disclosed details of the vulnerability during a presentation at the Def Con hacking conference in Las Vegas last week, The Verge reported.
Zoom has fixed some bugs, but the most dangerous remains macOS, which is now retired.
The vulnerability works by targeting the Zoom app installer, which must run with special user rights to install or remove the main Zoom app on a computer.
Zoom brings end-to-end encryption to its cloud telephony service.
Input from IANS