Zoom Patched a Critical Bug That Led to Hackers Gain Root Access

Zoom Patched a Critical Bug That Led to Hackers Gain Root Access

Zoom’s Mac app is found to have a serious security vulnerability that, if exploited by a threat actor can let him access the root of a system.

This comes from Patrick Wardle, a Mac security researcher who found it late last year and informed Zoom, only to see the patch having yet another bug! Though Zoom settled that too, Wardle described the bypass technique – which Zoom has patched finally with a new update now.

Zoom Mac App Vulnerability

Zoom app is one of the widely used video conferencing platforms today. With millions of people meeting up online every day, Zoom’s Mac app is found to be infested with a serious security bug that may lead to compromising the users’ device.

Spotted by a Mac security researcher named Patrick Wardle in the DefCon hacking event last year, this vulnerability would allow anyone exploiting it, into the device’s root system – warns the researcher.

He pointed out the problem to be in Zoom’s automatic updater app, specifically at it’s signature check solution – that’s supposed to authenticate the integrity of an update being installed. Hackers can bypass this security check by naming their malware file accordingly to be accepted by the Zoom updater app.

And once it takes in blindly for installation, it grants all the permissions that Zoom has – which could be the system’s root access too. Thus, Wardle shared this with Zoom and had it release a patch for securing it.

But, Wardle found another flaw in the patch update that could have let attackers trick the updater tool into accepting an older version of Zoom – making the Zoom’s patch update. Though Zoom came up with yet another fix, Wardle found another vulnerability in the next patch too!

This time (considering it as the third bug), he pointed to the time between the auto-installers verification of a software package and the actual installation process, which could allow the threat actors enough time to push a fake update and have it installed by the updater app. But at last, Zoom released a new Mac app update as v5.11.5 to patch this too.

Other Trending News:-  News

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post
Microsoft Pushes Office 2021 Users to Upgrade For Family Subscriptions

Microsoft Pushes Office 2021 Users to Upgrade For Family Subscriptions

Next Post
Apple to Put Ads in Maps, Books and Podcasts Soon

Apple to Put Ads in Maps, Books and Podcasts Soon

Related Posts