Local Privilege Escalation in Zoom Client for Meetings for MacOS

Vulnerability

The Zoom Client for Meetings for macOS (Standard and for IT Admin) versions prior to 5.11.3 contain a vulnerability in the package signature validation during the update process. This flaw allows a local low-privileged user to bypass the signature check, potentially replacing legitimate update packages with malicious ones. The affected versions are all releases before 5.11.3.

Exploitation

An attacker must have local access to the macOS system as a low-privileged user. The exploitation involves intercepting or manipulating the update process to substitute a crafted package that bypasses the signature validation. No additional authentication or user interaction beyond the standard update flow is required, as the vulnerability lies in the validation logic itself.

Impact

Successful exploitation allows the attacker to escalate privileges to root, gaining full administrative control over the affected macOS system. This can lead to complete compromise of confidentiality, integrity, and availability of the system and its data.

Mitigation

Zoom released version 5.11.3 to address this vulnerability. Users should update to this version or later immediately. No workarounds are documented. Zoom recommends updating to the latest version as per their security bulletin [1].