The newest Zoom 5.11.6 update is only very recently out, but if you are the owner of MacOS, there is a weighty reason for you to download it right now before you log in to make a video call. Apparently, the Mac app’s security was compromised by a massive vulnerability that gave hackers a free pass to the user’s operating system and allowed wrongdoers to take control of it.
The bug was publicly addressed by Patrick Wardle at the DEF CON hacking conference that took place in Las Vegas on August 11-14, 2022. The head of the Objective-See Foundation and a leading iOS/macOS security researcher, Wardle, spoke of how the exploit targeted Zoom’s automatic updater, which acted as a root user unprotected by a password. By taking advantage of this tool and tricking the app into thinking it was a legitimate update, hackers could get Zoom to install malicious software.
Here is how it worked in more detail. Hackers put Zoom’s cryptographic signature on the malicious package so that when the updater ran and stumbled upon a software update named as the legitimate certificate, it would recognize it as “native” and install. From this point, hackers could gain access to the user’s system, altering, deleting, and adding files to the device at their discretion.
It turns out this wasn’t the first time Wardle had brought the issue to the attention of Zoom. The flaw was first uncovered and presented by him to the company in December 2021; however, the earlier fix released by Zoom did not do the trick, and the vulnerability remained effective until now.
To install the patch, launch the app on Mac and go to the menu bar at the top. Select zoom.us, click Check for Updates, and when you are offered the latest version, pick Update to start the download.
Did you find the post helpful? Let us know what you think in the comments below!