Zoom fixes security flaw that let attackers hijack your Mac


Jon Fingas
August 15, 2022 3:55 PM

Zoom users with Macs can rest a little easier. Ars Technica reports Zoom has updated its Mac software to patch a vulnerability that let would-be intruders take control of systems. The video calling app's auto-updater not only had root-level access, but also relied on a signature verification system that could be fooled simply by giving a package a familiar file name. A hacker could force your app to downgrade or otherwise enable exploits.
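The two weaknesses described above (a check satisfied by a familiar file name, and a forced downgrade) can be modeled in a few lines. This is an added illustration, not Zoom's code or the researcher's: the file name, manifest and package bytes are constructed, and a pinned SHA-256 digest stands in for a real code-signature check.

```python
import hashlib
import hmac

# Constructed sample packages (not real installer contents).
GOOD_PKG = b"vendor update 2.0.0 (constructed sample)"
OLD_PKG = b"vendor update 1.0.0 (constructed sample)"
ROGUE_PKG = b"unrelated package (constructed sample)"

TRUSTED_NAME = "VendorUpdate"  # hypothetical name the weak check looks for

# Hypothetical trusted manifest: version -> SHA-256 of the vendor's package.
# Assumption: the pinned digest stands in for a cryptographic signature check.
MANIFEST = {
    (1, 0, 0): hashlib.sha256(OLD_PKG).hexdigest(),
    (2, 0, 0): hashlib.sha256(GOOD_PKG).hexdigest(),
}


def weak_verify(filename, data):
    """Flawed model: trust is decided by the file name; contents are ignored."""
    return filename.startswith(TRUSTED_NAME) and filename.endswith(".pkg")


def strict_verify(data, installed_version):
    """Trust is decided by contents, and older versions are refused."""
    digest = hashlib.sha256(data).hexdigest()
    for version, pinned in MANIFEST.items():
        if hmac.compare_digest(digest, pinned):
            if version < installed_version:
                return (False, "downgrade refused")
            return (True, "ok")
    return (False, "contents not in trusted manifest")


if __name__ == "__main__":
    installed = (1, 5, 0)
    for name, data in [("VendorUpdate.pkg", GOOD_PKG),
                       ("VendorUpdate.pkg", OLD_PKG),
                       ("VendorUpdate.pkg", ROGUE_PKG)]:
        print(name, weak_verify(name, data), strict_verify(data, installed))
```

The name-based check accepts all three files, while the content-based check accepts only the current vendor package.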

Objective-See Foundation (OSF) creator and researcher Patrick Wardle first discovered the security hole and disclosed it to Zoom in December last year. Zoom fixed that problem, but introduced another bug in the process. Zoom addressed that, too, but Wardle then found yet another flaw. The OSF founder discussed his findings at DEF CON last week. Zoom acknowledged the issue that day, and patched it afterward.

This isn't the first time Zoom has grappled with security headaches, including for the Mac. In 2019, the company raced to fix a webcam hijack exploit that relied on a locally-created web server. Increased scrutiny of Zoom at the start of the COVID-19 pandemic in spring 2020 also prompted a full-scale review of the company's practices. While that did lead to changes, it's clear Zoom isn't immune to missteps.
