Patrick Wardle, a senior security researcher working for the NSA, found a vulnerability in Zoom’s Mac app. It allows an attacker to gain root access and control the entire operating system.
It exploits the bug in the auto-updater
The attack works by taking advantage of the Zoom macOS installer, which requires special user permissions to be able to install or uninstall Zoom on a Mac computer. The installer requires entering a user password, but Wardle states that afterward the auto-update functionality runs continuously in the background with superuser privileges.
Patch is not a solution
When Zoom releases an update, the automatic updater approves it and the installation process then starts. However, a bug in the validation method allows an attacker to manipulate the updater as they wish. Because the updater runs with authorized user privileges, Wardle points out that an attacker could run any program through the update function. Although this vulnerability was reported to Zoom and a solution was provided, the problem continues even after the patch Zoom has just released.
The vulnerability, which is stated to be still active in Zoom’s latest update, allows an attacker to gain root or superuser privileges on a Mac computer. This means that, in theory, any file on the computer can be deleted or modified, or new files added, without permission.
Update not released
Zoom’s security and privacy PR leader says they are aware of the automatic updater vulnerability in the Mac version of Zoom and are working to close it.