Zoom issued a security bulletin after Wardle detailed the vulnerability. That meant malicious actors could force Zoom to downgrade to a buggier, less-secure version or even pass it an entirely different package that could give them root access to the system. Certification Authority Apple Root CA.pkg“), this check could be bypassed. The problem is that by simply passing the verification checker the name of the package it was looking for (“ Zoom Video. It seemed secure, as only Zoom clients could connect to the privileged daemon, and only packages signed by Zoom could be extracted. What this means is that malicious actors could bypass the verification checker and either downgrade to an old, less secure version of Zoom or pass an entirely different package to the updater. Wardle detailed the vulnerability at Def Con last week, explaining that Zoom’s auto-update feature doesn’t ask for a user password and is enabled by default. The Zoom for Mac update addresses a major security vulnerability that could have allowed anyone to gain root access to your computer.Īs reported by ArsTechnica, the vulnerability was first discovered by well-known security researcher Patrick Wardle. If you’re a Zoom user with a Mac, there’s a critical security fix rolling out now that you should install immediately.
0 Comments
Leave a Reply. |