Improper URL parsing in Zoom Clients
- ZSB-22024
- CVE-2022-28763
- High
- 8.8
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers.
Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.
- Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2
- Zoom VDI Windows Meeting Clients before version 5.12.2
- Zoom Rooms for Conference Room (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2
Reported by Zoom Security Team
| Revision | Date | Description |
|---|---|---|
| 1.0 | 10/24/2022 | Initial Publication |