Local Privilege Escalation in Auto Updater for Zoom Client for Meetings for macOS

Vulnerability

The Zoom Client for Meetings for macOS (Standard and for IT Admin) versions 5.7.3 up to (but not including) 5.11.5 contain a vulnerability in the auto update process. A local low-privileged user can exploit this flaw to escalate privileges to root. The exact mechanism is not detailed in the available references, but the issue resides in the update mechanism's handling of privileged operations.

Exploitation

An attacker must have local access to the macOS system with a low-privileged user account. No additional authentication or user interaction beyond the normal update process is required. The attacker can leverage the vulnerable auto update code path to execute arbitrary actions with root privileges.

Impact

Successful exploitation allows a local low-privileged attacker to gain full root privileges on the affected macOS system. This results in complete compromise of confidentiality, integrity, and availability of the system and all data accessible to the root user.

Mitigation

Zoom released version 5.11.5 which fixes this vulnerability. Users should update to the latest version of Zoom software as recommended in the Zoom Security Bulletin [1]. No workarounds are documented; updating is the only mitigation.