The security vulnerability with code CVE-2022-28756 affects the automatic update feature of the application. A low-privileged threat actor can exploit the vulnerability to gain root privileges on the vulnerable operating system during the automatic update process of versions 5.7.3 to 5.11.3. The vulnerability was identified by Patrick Wardle, founder of the Objective-See Foundation, and presented at the annual world-known Def Con Hack conference.The vulnerability has been fixed in version 5.11.5 of the currently available Zoom app for macOS.
It is recommended that users using vulnerable versions of the Zoom App for macOS immediately apply the updates that fix the vulnerability so that they are not the target of attacks that can be carried out using the vulnerability.