The macOS installer for Zoom could let hackers hijack your device

Zoom zoomed to fix the flaw, so update macOS now

Zoom has patched a serious security flaw that could have allowed hackers to take over a macOS device running the video conferencing software.

The move came after Mac security specialist Patrick Wardle demonstrated how a threat actor could abuse the way macOS handles software patches to trigger an escalation of privilege and essentially take over the device.

Initially, he said the vulnerability leveraged multiple flaws, and that the company addressed most of them. One remained, however, and it was patched at a later date to fully mitigate the issue.

Tricking the updater

The problem lies in the way macOS handles updates. When a user first tries to install an app or a program on the endpoint, they need to run with special user permissions, often given by submitting a password. After that, auto-updates run indefinitely, with superuser privileges.

In Zoom’s case, the updater would first check to see if the company cryptographically signed the new package, and if so, proceed with the update. However, should the updater get any file with the same name as Zoom’s signing certificate, it would run it. In other words, an attacker could slip in any malware through the updater, even if it meant giving a third party full access to the device.

The flaw was later identified as CVE-2022-28756, and was fixed in Zoom version 5.11.5 for macOS, which is available now to download.

Even though at first Wardle described the flaw as relatively easy to fix, even he was surprised at the speed at which Zoom addressed the issue: “Mahalos to Zoom for the (incredibly) quick fix!” Wardle tweeted afterwards. “Reversing the patch, we see the Zoom installer now invokes lchown to update the permissions of the update .pkg, thus preventing malicious subversion.”
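The patch described above locks down the update .pkg so an unprivileged user cannot swap it before the privileged updater runs it. The following is an added example of that kind of pre-install check, not Zoom's code and not part of the original article; the function name `audit_update_package`, the `trusted_uid` parameter and the sample file are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_update_package(path, trusted_uid=0):
    """Return reasons the file at `path` is unsafe to hand to a privileged
    installer. An empty list means every check passed."""
    try:
        # O_NOFOLLOW refuses a symlink planted where the package should be;
        # O_NONBLOCK keeps a planted FIFO from stalling the open.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError as exc:
        return [f"cannot open safely: {exc.strerror}"]
    problems = []
    try:
        # fstat the descriptor rather than the path, so the checks describe
        # the file that was actually opened.
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            problems.append("not a regular file")
        if st.st_uid != trusted_uid:
            problems.append(f"file owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append("file writable by group or others")
    finally:
        os.close(fd)
    # Whoever can write to the directory can replace the file inside it.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_uid != trusted_uid:
        problems.append(f"directory owned by uid {parent.st_uid}")
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("directory writable by group or others")
    return problems


if __name__ == "__main__":
    # Constructed sample: a stand-in package in a private temp directory.
    workdir = tempfile.mkdtemp()
    pkg = os.path.join(workdir, "update.pkg")
    with open(pkg, "wb") as fh:
        fh.write(b"constructed placeholder, not a real package")
    os.chmod(pkg, 0o666)  # simulate a package left writable by anyone
    me = os.getuid()      # stand-in for root so the demo runs unprivileged
    print(audit_update_package(pkg, trusted_uid=me))
    os.chmod(pkg, 0o644)
    print(audit_update_package(pkg, trusted_uid=me))
```

A real updater would keep reading from the same descriptor it checked, or copy the package into a root-only directory first, rather than reopening it by path after the audit.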

Via: The Verge

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
