The auto-update feature of Zoom could exploit a vulnerability in Mac OS X

By TechThop Team

Posted on: 19 Aug, 2022

Apple's operating systems, including iPad OS and iOS, have been alerted to vulnerabilities that could be exploited by remote attackers to execute arbitrary code.

As stated in CERT-In's threat alert, this vulnerability exists due to an out-of-bounds write in the kernel and WebKit components of the software, causing the vulnerability to exist.

As a result of this vulnerability, remote attackers have been noted to exploit it by enticing their victims to open specially crafted files before exploiting it. 

As part of its security bulletin, Zoom, a video-calling app, acknowledged the vulnerabilities in Apple's software and its automatic update process. Attackers could exploit these vulnerabilities to escalate their privileges to root files of Mac OS, thus compromising their security.

The vulnerability in Apple's kernel process, according to the company's website, can allow an application to execute arbitrary code with kernel privileges through the use of an application.

As it turns out, the vulnerability as it pertains to WebKit is exploited by processing maliciously crafted web content that could allow arbitrary code execution to occur. 

The vulnerabilities were found in iOS and iPad OS versions 15.6.1. In its website statement, Apple claims to have heard that this vulnerability may have been exploited. 

As a precautionary measure, both Apple and Zoom have asked users to update their security patches to address the vulnerability.

As part of the alert, CERT-In had also released earlier this month alerts about Mac OS vulnerabilities of extremely high severity.

The iPad OS, as well as iOS, contained security vulnerabilities that could have been exploited by attackers to execute arbitrary code and bypass security restrictions in the affected devices.

For more stories like this

Explore our website