Video conferencing software Zoom was recently found to have a flaw in its Mac client that allowed hackers to gain remote access to users’ systems. Now, the company has launched an update for its macOS app that fixed the vulnerability without affecting the app’s automatic update features.
Last week, Zoom had acknowledged a flaw that was earlier found by a security researcher named Patrick Wardle. Wardle, a security researcher and founder of the Objective-See Foundation, a non-profit that makes open-source macOS security tools, had first found a flaw and presented it at the Def Con hacking conference that took place last week. The exploit targets the Zoom installer, which requires special user permission to run. By leveraging this tool, hackers could trick users into installing a malicious program by putting Zoom’s cryptographic signature on it. Once installed, attackers can gain control over a user’s system, letting them modify, delete, or add files on the device.
With the 5.11.5 update, Zoom has fixed the vulnerability. Users can download the update by opening their app on the MacOS devices and then going to zoom.us from the menu bar on top of the screen. Users can check for updates and if one is available, Zoom will display a window with the latest app version, along with details about what’s changing. From here, users can select Update to begin downloading the app.
Wardle, the security researcher, also lauded Zoom for the quick response. “Mahalos to Zoom for the (incredibly) quick fix!,” he said in a tweet. “Reversing the patch, we see the Zoom installer now invokes lchown to update the permissions of the update .pkg, thus preventing malicious subversions,” he said.
Read the Latest News and Breaking News here