The latest update to Zoom on Mac includes a fix for a dangerous security flaw

Zoom has released a patch for a bug on macOS that could allow a hacker to take control of a user’s operating system (via MacRumors) In an update on its security bulletin, Zoom acknowledged the issue (CVE-2022-28756) and said that version 5.11. ).

Patrick Wardle, a security researcher and founder of the Objective-C Foundation, a nonprofit that makes open-source macOS security tools, first uncovered the flaw and presented it at the Def Con hacking conference last week. My colleague, Corinne Fife, attended the event and reported on Wardley’s findings.

As Korin points out, the exploit targets the Zoom installer, which requires special user permissions to run. Taking advantage of this tool, Wardle discovered that hackers could essentially “trick” Zoom into installing a malicious program by putting Zoom’s cryptographic signature on the package. From here, attackers can gain further access to the user’s system, allowing them to modify, delete, or add files to the device.

“Mahlos to zoom in for an (incredibly) quick fix!” Wardle replied For the update of Zoom. “Reversing the patch, we see that the Zoom installer now invokes lchown to update the permissions of the updated .pkg, thus preventing malicious subversion.”

You can install the 5.11.5 update on Zoom by first opening the app on your Mac and hitting zoom.us (depending on which country you are in) The menu bar at the top of your screen may be different. Then, choose check for updates, and if one is available, Zoom will display a window with the latest app version, along with what’s changing. choose from Updates to start the download.



Source link

Leave a Comment