When you update your virtual meeting software, you usually don’t expect some random software to install all on its own or run commands of its own volition. If you use Zoom on a Mac though, that is exactly what is possible. This is thanks to an exploit in the Zoom updater that was outlined by Objective-See security researcher Patrick Wardle at this year’s Def Con hacking conference in Las Vegas.
Wardle had initially reported the exploit to Zoom in December of 2021. Fixes attempted by Zoom since the report seemed to unearth more exploits. The first of those exploits was a seemingly glaring oversight on Zoom’s part. All it took was someone just naming their signing certificate the same as Zoom’s and then Zoom granted that software root access to the device. As anyone with Linux or even advanced Mac experience can tell you, granting software you’re unaware of root access to your system is bad. Root permissions allow software unrestricted read and write access to just about anything.
Zoom Meeting Screenshot
That initially reported exploit was patched by Zoom rather quickly, as was the second. Wardle, however, discovered more over time and felt Zoom was starting to become less than responsive, despite following the proper course of action so as not to risk exposing others to the exploit. So come Def Con, Wardle presented his findings to the public, and as of today Zoom has issued a patch.
Apple users can download the patch from Zoom’s website. It is explicitly outlined on its security bulletin page that the exploit affects anyone running Zoom Client for Meetings for macOS versions starting with version 5.7.3 through version 5.11.5. If you find yourself on those versions, it is highly advised you update. As we stated, root access for random software is not good. Hopefully this puts a final nail in the coffin for this exploit because there have been a few patches already which attempt to resolve the issue, none of which were fully effective.
Original Source link