Improper URL parsing in Zoom Clients

Bulletin: ZSB-22024
CVEID: CVE-2022-28763
CVSS Severity: High
CVSS Score: 8.8
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description:

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers.

Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.

Affected Products:

Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2
Zoom VDI Windows Meeting Clients before version 5.12.2
Zoom Rooms for Conference Room (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2

Source:

Reported by Zoom Security Team

Revision	Date	Description
1.0	10/24/2022	Initial Publication

Zoom Workplace

Business Services

By industry

By audience

Enterprise

For Developer

For partners

🚀 NEW My notes, your AI note taker

Improper URL parsing in Zoom Clients

Improper URL parsing in Zoom Clients

Subscribe for updates