
Critical vulnerability in Zoom Mac app: Full access to system!

A critical vulnerability has been discovered in Zoom, one of the popular video conferencing applications. A security researcher has found a flaw that allows an attacker to gain full system access.

Patrick Wardle, a senior security researcher working for the NSA, found a vulnerability in Zoom’s Mac app. It allows the attacker to gain root access and control the entire operating system.


The attack exploits a bug in the auto-updater

The attack works by taking advantage of the Zoom macOS installer, which requires special user permissions to be able to install or uninstall Zoom on a Mac computer. The installer requires entering a user password, but Wardle states that afterward the auto-update functionality runs continuously in the background with superuser privileges.

Patch is not a solution

When Zoom releases an update, the automatic updater validates it, and then the installation process starts. However, a bug in the validation method lets an attacker manipulate the updater as they wish. Because the updater runs with elevated privileges, Wardle points out that an attacker could run any program through the update function. Interestingly, although this vulnerability was reported to Zoom and a solution was provided, Zoom has only just released a patch, and the problem persists.

The vulnerability, which is said to be still present in Zoom's latest update, allows an attacker to gain root or superuser privileges on a Mac computer. This means that, in theory, any file on the computer can be deleted or modified, or new files added, without permission.

Update not released

Zoom’s security and privacy PR leader says they are aware of the automatic updater vulnerability in the Mac version of Zoom and are working to close it.
