Researcher notes Zoom access privilege exploit at DefCon, advises Mac users to update their software immediately

You definitely want to update the Zoom application on your Mac.

An exploit noted by Mac security specialist Patrick Wardle and disclosed at the DefCon hacking conference on August 12 relies on a loophole that could give an outside user full access to your Mac.

Since Zoom has to be run with special user permissions to install, remove or update the main app from a computer, it asks for a user to enter their password during installation. A flaw within the auto-update function could allow Zoom to run continuously in the background with superuser privileges after installation. Whenever Zoom issues an update, the function checks that the new package has been cryptographically signed by Zoom. Unfortunately, the checking method was flawed, and any file given the same name as Zoom’s signing certificate would pass muster. This could allow an outside user to substitute any sort of malware they wanted and Zoom’s updater would run it with elevated privileges.

Once in and granted superuser, or root-level access, the outside party could add, modify, or remove any files on the Mac they wished.
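A simplified model of the flawed check described above, set beside a stricter one. This is an added example, not Zoom's code or Wardle's; the report format, signer name, certificate bytes and package paths are constructed assumptions.

```python
import hashlib
import hmac

# Constructed stand-ins; not Zoom's real certificate name or certificate bytes.
EXPECTED_SIGNER = "Developer ID Installer: Example Vendor (TEAMID1234)"
VENDOR_CERT = b"constructed-vendor-certificate"
PINNED_SHA256 = hashlib.sha256(VENDOR_CERT).hexdigest()


def signature_report(pkg):
    """Model of a signature tool's text output. Like many CLI tools it echoes
    the file path, so attacker-chosen text ends up in the same string."""
    lines = [f'Package "{pkg["path"]}":']
    if pkg["cert"] is None:
        lines.append("   Status: no signature")
    else:
        lines.append("   Status: signed")
        lines.append(f'   Signer: {pkg["signer"]}')
    return "\n".join(lines)


def flawed_check(pkg):
    # Treats "the expected name appears somewhere in the report" as proof.
    return EXPECTED_SIGNER in signature_report(pkg)


def hardened_check(pkg):
    # Ignores names and display text; compares the signing certificate's
    # fingerprint with a pinned value. Assumes the platform verifier has
    # already validated the signature itself against that certificate.
    if pkg["cert"] is None:
        return False
    fingerprint = hashlib.sha256(pkg["cert"]).hexdigest()
    return hmac.compare_digest(fingerprint, PINNED_SHA256)


# Constructed sample packages.
GENUINE = {"path": "/tmp/update.pkg", "signer": EXPECTED_SIGNER, "cert": VENDOR_CERT}
RENAMED = {"path": f"/tmp/{EXPECTED_SIGNER}.pkg", "signer": None, "cert": None}
UNSIGNED = {"path": "/tmp/update.pkg", "signer": None, "cert": None}

if __name__ == "__main__":
    for name, pkg in [("genuine", GENUINE), ("renamed", RENAMED), ("unsigned", UNSIGNED)]:
        print(name, "flawed:", flawed_check(pkg), "hardened:", hardened_check(pkg))
```

The flawed check rejects an ordinary unsigned file, which is why a name-based test can look correct in routine testing; only the file whose name carries the expected string separates the two checks.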

Wardle advised Zoom of his findings in December 2021. An initial fix, Wardle said, contained another bug. This meant despite the Zoom update, the vulnerability was still present and exploitable, but not quite as easily. He advised Zoom of the second bug, and then waited.

After eight months, Zoom had yet to fix the exploit. Wardle then presented it during this year’s DefCon conference in Las Vegas, Nevada. On Friday, Zoom issued version 5.11.5, which is supposedly safe from the exploit now.

Be sure to update your version of Zoom on your Mac and please let us know about your experience in the comments.

Via The Mac Observer, The Verge, and Zoom