By TechThop Team
Posted on: 16 Aug, 2022
If you have Zoom installed on your MacBook, you should update it immediately. The Zoom Mac app has been updated to address a major security flaw that was discovered over the weekend.
It all started at Def Con, a computer security and hacker conference in Las Vegas, according to The Verge.
Patrick Wardle, founder and ex-NSA security analyst of Objective-See, presented a stunning discovery on Friday: a massive security hole in the Zoom installer for MacBooks.
A threat actor was able to take control of someone's Mac through the Zoom app, down to its root level. It is easy to bypass the security certification test provided by the Zoom package installer because it uses a weak security certificate test.
The hacker is recognized as a 'superuser' at this level, and he can read, change, and create any files, including adding malware.
The security threat had been discovered by Wardle back in December, and Zoom had been informed.
Zoom ignored Wardle for a month and released a patch that contained another security bug. Zoom was informed of this second bug, and more importantly, that the first bug was still not fixed. It was sat on by Zoom.
The findings Wardle presented at Def Con were made public by Wardle. As a responsible disclosure protocol requires companies to fix bugs within eight months.
He felt obligated to warn others after eight months of inaction. A few weeks prior to the conference, Zoom released a small patch, but Wardle said the vulnerability still existed.
It isn't the first time Zoom has been criticized for lax security. The Mac vulnerability in Zoom was discovered by Wardle in 2020, allowing hackers to hijack cameras and microphones.
An executive of Zoom was also charged with colluding with the Chinese government after the US Department of Justice discovered that Zoom was sending user data to Facebook.
In response to Wardle's presentation, Zoom has been working on a new patch, which is now available. The latest version of Zoom for Mac is 5.11.5, which is free to download.
For more stories like this
Explore our website