Explorer

Zoom Has Fixed The Most Dangerous Meeting Vulnerability On Apple MacOS

Online video collaboration platform Zoom has fixed the most dangerous bug on Apple macOS that could allow hackers to take control of users' operating system when they open the meeting app.

Online video collaboration platform Zoom has fixed the most dangerous bug on Apple macOS that could allow hackers to take control of users' operating system when they open the meeting app. The company said in a security update that the Zoom client for meetings for macOS, starting with version 5.7.3 and before 5.11.5, "contains a vulnerability in the auto update process".

"A local low-privileged user could exploit this vulnerability to escalate their privileges to root," said the company,

Zoom acknowledged the issue (CVE-2022-28756) and said it has issued a fix in version 5.11.5 of the app on Mac, which users can now download. Earlier, a security researcher found a way that an attacker could leverage the macOS version of Zoom to gain access over the entire operating system.

According to The Verge, details of the exploit were released in a presentation by Mac security specialist Patrick Wardle at the Def Con hacking conference in Las Vegas last week. Zoom earlier fixed some of the bugs involved but the most dangerous one was still left on macOS, which has now been fixed. The exploit worked by targeting the installer for the Zoom application, which needs to run with special user permissions to install or remove the main Zoom application from a computer.

Meanwhile, last week a security researcher found a way that an attacker could leverage the macOS version of Zoom to gain access over the entire operating system. According to The Verge, details of the exploit were released in a presentation by Mac security specialist Patrick Wardle at the Def Con hacking conference in Las Vegas this week.

Zoom has already fixed some of the bugs involved, but the researcher also presented one unpatched vulnerability that still affects systems now.

The exploit works by targeting the installer for the Zoom application, which needs to run with special user permissions to install or remove the main Zoom application from a computer. Though the installer requires a user to enter their password on first adding the application to the system, Wardle found that an auto-update function then continually ran in the background with superuser privileges.

When Zoom issued an update, the updater function would install the new package after checking that it had been cryptographically signed by Zoom.

Top Headlines

OPINION | India's Smartphone Affordability Shift: Why Value Matters More Than Price
OPINION | India's Smartphone Affordability Shift: Why Value Matters More Than Price
Too Much AI Slop On LinkedIn? Users Are Turning To Messy, Human Posts For Better Reach
Too Much AI Slop On LinkedIn? Users Are Turning To Messy, Human Posts
Musk Vs Altman Reloaded: Apple Lawsuit Triggers Fresh AI Billionaire Brawl On X
Musk Vs Altman Reloaded: Apple Lawsuit Triggers Fresh AI Billionaire Brawl
Netflix Considers Radical Live TV Move Amid Growing Engagement Concerns: Report
Netflix Considers Radical Live TV Move Amid Growing Engagement Concerns

Videos

Breaking News: Protests Against Pakistan Government Continue in PoK for 35th Day
Safety Alert: Birthday Banner Falls From Flyover Onto Bike on Thane Highway
Breaking News: Baba Ramdev's Hindu Rashtra Remarks Trigger Political Controversy
Breaking News: Nitesh Rane's Remarks on Aamir Khan's Marriage Spark Political Row
Breaking: Four Teenagers Drown in Yamuna River in Delhi's Alipur

Photo Gallery

25°C
New Delhi
Rain: 100mm
Humidity: 97%
Wind: WNW 47km/h
See Today's Weather
powered by
Accu Weather
Embed widget