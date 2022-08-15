ContributorsPublishersAdvertisers
Software

Zoom flaw allows hackers to take over your Mac — update right now

By Alan Martin
Tom's Guide
Tom's Guide
 4 days ago
https://img.particlenews.com/image.php?url=0ac1GG_0hHaHaeA00

A PSA for Mac owners who use Zoom for their meetings and family video calls: update your software right away. The company has acted quickly to patch a serious security weakness that could allow a hacker to take control of macOS, letting them edit, add or even delete files at will.

The exploit is blocked in version 5.11.5 of the Zoom app for macOS, and affected users should make the update immediately. The vulnerability got a CVSS score of 8.8 on the company’s security bulletin , denoting it of “high” severity.

It marks a quick turnaround for Zoom’s developers, as the bug was only exposed at the DEF CON hacking conference on Friday (August 12). The security researcher who found the weakness, Patrick Wardle, was certainly impressed, tweeting : “Mahalos to @Zoom for the (incredibly) quick fix!”

The Verge , which attended the event last week, has more details on the now-defanged vulnerability, which targeted the installer of the Zoom application. Wardle found that while the installer required a Mac owner to enter a password for installations, the auto-update function ran in the background with superuser privileges.

The updater would check that updates officially distributed by the developers had been cryptographically signed. But Wardle discovered that feeding the updater any file with the same credentials would fool it, allowing malicious types to substitute malware of their choosing to run on a Mac with Zoom open.

That loophole is now, thankfully, closed. Wardle followed up on his congratulatory tweet by explaining exactly how Zoom had made the fix .

“Reversing the patch, we see the Zoom installer now invokes lchown to update the permissions of the update .pkg, thus preventing malicious subversions,” he explained — accompanied with a padlock and thumbs up emoji, suggesting this gets the Wardle seal of approval.

See more

To update Zoom on your Mac, load it up and then click zoom.us (or whatever your geographical equivalent is) from the menu bar at the top of the screen. Select “Check for updates” and Zoom should pop open a window giving you the details of what’s included. Click “Update” and your download will begin.

Once you're all updated, don't forget to check out our guides to the best free Zoom backgrounds , how to get Snapchat filters on Zoom and our overall page on how to use Zoom .

All Future PLC brands are supported by its audience. When you purchase through links on our site, we may earn an affiliate commission.

Comments / 0

Related
IN THIS ARTICLE
#Hackers#Zoom App#Malware#Cvss
ABC News

Capitol riot defendant: I was following Trump's instructions

An Ohio man charged with storming the U.S. Capitol and stealing a coat rack testified that he joined thousands of protesters in ransacking the building last year on what he thought were orders from the president, Donald Trump. Dustin Byron Thompson, 38, of Columbus, Ohio, said Wednesday he took to...
COLUMBUS, OH
The Hill

Mark Meadows removed from North Carolina voter rolls

Donald Trump’s former White House chief of staff Mark Meadows has been removed from North Carolina’s voter rolls, according to the State Board of Elections. Meadows is also being investigated for allegations of voter fraud, the State Bureau of Investigation said. The decision to remove the former North...
SCALY MOUNTAIN, NC
YOU MAY ALSO LIKE
NewsBreak
Zoom
NewsBreak
Technology
NewsBreak
Computers
NewsBreak
Software
The Associated Press

EXPLAINER: Why the term ‘genocide’ matters in Ukraine war

WASHINGTON (AP) — When President Joe Biden declares Russia’s Ukraine war “genocide,” it isn’t just another strong word. Calling a campaign that’s aimed at wiping out a targeted group “genocide” not only increases pressure on a country to act, it can oblige it to. That’s partly because of a genocide treaty approved by the U.N. General Assembly after World War II, signed by the United States and more than 150 other nations.
POLITICS
Tom's Guide

Tom's Guide

New York City, NY
452K+
Followers
20K+
Post
13M+
Views
ABOUT

Putting consumer goals and ambitions first, providing the information and tools to help everyone find great products easily and solving problems when they arise, Tom’s Guide is the destination for all things consumer tech and beyond.

 https://www.tomsguide.com

Comments / 0

Community Policy