Zoom Client Installer Local Privilege Escalation
Description
It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0 copy pre- and post-installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user's machine could use this flaw to potentially run arbitrary system commands in a higher privileged context during the installation process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Zoom installer copies scripts to user-writable directory, allowing local privilege escalation via arbitrary command execution during installation.
Vulnerability
The installation packages of Zoom Client for Meetings for MacOS (Standard and IT Admin) before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0 copy pre- and post-installation shell scripts to a user-writable directory [1]. This allows a local attacker to modify these scripts or replace them with malicious content.
Exploitation
An attacker with local access to the user's machine can replace or modify the shell scripts that are executed with elevated privileges during the installation process [1]. No additional authentication is required beyond local file system access.
Impact
A successful exploit could allow the attacker to execute arbitrary system commands in a higher privileged context (likely root) during the installation [1], leading to full compromise of the system.
Mitigation
Update to Zoom Client for Meetings version 5.2.0 or later, Zoom Client Plugin for Sharing iPhone/iPad version 5.2.0 or later, and Zoom Rooms for Conference version 5.1.0 or later [1]. No workarounds are mentioned.
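The class of flaw described above (a privileged installer running scripts from a location other users can write to) can be checked for before anything is executed. The following is an added example, not Zoom's code and not part of the original advisory; the function names, the `postinstall` file name and the temporary layout are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_script_path(script, trusted_uids=(0,), stop_at="/"):
    """Return (path, reason) findings for `script` and each directory up to
    `stop_at` that would let a non-trusted user replace the script."""
    findings = []
    if os.path.islink(script):
        findings.append((script, "is a symlink"))
    path = os.path.realpath(script)
    stop = os.path.realpath(stop_at)
    while True:
        st = os.lstat(path)
        if st.st_uid not in trusted_uids:
            findings.append((path, f"owned by untrusted uid {st.st_uid}"))
        writable = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        # A sticky directory (such as /tmp) stops users from renaming or
        # deleting entries they do not own, so it is tolerated as an ancestor.
        sticky_dir = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
        if writable and not sticky_dir:
            findings.append((path, "writable by group or others"))
        parent = os.path.dirname(path)
        if path == stop or parent == path:
            break
        path = parent
    return findings

def demo():
    """Constructed layout: one staging directory anyone can write to,
    one restricted to its owner."""
    me = os.getuid()  # assumption: stands in for root so this runs unprivileged
    base = os.path.realpath(tempfile.mkdtemp())
    os.chmod(base, 0o755)
    results = {}
    for name, mode in (("weak", 0o777), ("hardened", 0o755)):
        staging = os.path.join(base, name)
        os.mkdir(staging)
        os.chmod(staging, mode)
        script = os.path.join(staging, "postinstall")  # constructed file name
        with open(script, "w") as fh:
            fh.write("#!/bin/sh\nexit 0\n")
        os.chmod(script, 0o755)
        results[name] = audit_script_path(script, {me}, stop_at=base)
    return results

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "no findings")
```

The check only helps if the privileged process then executes the script from the same verified location; a path that passes and is later copied elsewhere reopens the window.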
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <5.2.0
- Range: <5.2.0
- Range: <5.1.0
- Zoom Video Communications Inc/Zoom Client for Meetings for MacOS (Standard and for IT Admin), v5, Range: unspecified
- Zoom Video Communications Inc/Zoom Client Plugin for Sharing iPhone/iPad, v5, Range: unspecified
- Range: unspecified
Patches
No patches discovered yet.
References
[1] explore.zoom.us/en/trust/security/security-bulletin (mitre, x_refsource_MISC)