Local Privilege Escalation in Auto Updater for Zoom Client for Meetings for macOS
Description
The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.6 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A local low-privileged user on macOS can exploit a flaw in the Zoom auto-update process to gain root privileges.
Vulnerability
The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.6 contains a vulnerability in the auto update process [1]. A local low-privileged user could exploit this vulnerability to escalate their privileges to root [1]. The affected versions are 5.7.3 through 5.11.5 inclusive.
Exploitation
An attacker needs local access to the macOS system and a low-privileged user account [1]. The exploitability depends on the ability to manipulate the auto-update mechanism, which runs with elevated privileges. The precise sequence of steps is not detailed in available references, but the vulnerability exists within the update process logic.
Impact
Successful exploitation allows the attacker to gain root privileges on the affected macOS system [1]. This effectively gives the attacker full control over the system, including the ability to install software, modify system files, and access all user data.
Mitigation
Zoom addressed this vulnerability in version 5.11.6 [1]. Users should update their Zoom Client for Meetings to the latest version [1]. No workarounds are mentioned in the available references.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: >=5.7.3, <5.11.6
- Range: next of 5.7.3
References
- [1] explore.zoom.us/en/trust/security/security-bulletin/ (mitre, x_refsource_MISC)