“When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client,” the company wrote on its security bulletin page last week.Īccording to the video messaging firm, if exploited, the flaw could allow a malicious actor to connect to their client and control the Zoom Apps running in it.įrom a technical standpoint, Zoom Apps are integrations with external apps that users can access from within the video messaging platform. The vulnerability (tracked CVE-2022-28762) refers to a debugging port misconfiguration affecting versions between 5.10.6 and 5.12.0 (excluded) and has a common vulnerability scoring system (CVSS) of 3.1 of 7.3 out of 10. Video messaging platform Zoom released a new patch last week to a high-severity flaw in its client for macOS devices.
0 kommentar(er)
