Zoom’s automatic update option can help users ensure that they have the latest, safest version of the video conferencing software, which has had multiple privacy and security issues over the years. A Mac security researcher, however, has reported vulnerabilities he found in the tool that attackers could have exploited to gain full control of a victim’s computer at this year’s DefCon. According to Wired, Patrick Wardle presented two vulnerabilities during the conference. He found the first one in the app’s signature check, which certifies the integrity of the update being installed and examines it to make sure that it’s a new version of Zoom. In other words, it’s in charge of blocking attackers from tricking the automatic update installer into downloading an older and more vulnerable version of the app.
Wardle discovered that attackers could bypass the signature check by naming their malware file a certain way. And once they’re in, they could get root access and control the victim’s Mac. The Verge says Wardle disclosed the bug to Zoom back in December 2021, but the fix it rolled out contained another bug. This second vulnerability could have given attackers a way to circumvent the safeguard Zoom set in place to make sure an update delivers the latest version of the app. Wardle reportedly found that it’s possible to trick a tool that facilitates Zoom’s update distribution into accepting an older version of the video conferencing software.
Zoom already fixed that flaw, as well, but Wardle found yet another vulnerability, which he has also presented at the conference. He discovered that there’s a point in time between the auto-installer’s verification of a software package and the actual installation process that allows an attacker to inject malicious code into the update. A downloaded package meant for installation can apparently retain its original read-write permissions allowing any user to modify it. That means even users without root access could swap its contents with malicious code and gain control of the target computer.
The company told The Verge that it’s now working on a patch for the new vulnerability Wardle has disclosed. As Wired notes, though, attackers need to have existing access to a user’s device to be able to exploit these flaws. Even if there’s no immediate danger for most people, Zoom advises users to “keep up to date with the latest version” of the app whenever one comes out.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Security researcher reveal Zoom flaws that could’ve allowed attackers to take over your Mac & Latest News Update
Security researcher reveal Zoom flaws that could’ve allowed attackers to take over your Mac & More Live News
All this news that I have made and shared for you people, you will like it very much and in it we keep bringing topics for you people like every time so that you keep getting news information like trending topics and you It is our goal to be able to get
all kinds of news without going through us so that we can reach you the latest and best news for free so that you can move ahead further by getting the information of that news together with you. Later on, we will continue
to give information about more today world news update types of latest news through posts on our website so that you always keep moving forward in that news and whatever kind of information will be there, it will definitely be conveyed to you people.
Security researcher reveal Zoom flaws that could’ve allowed attackers to take over your Mac & More News Today
All this news that I have brought up to you or will be the most different and best news that you people are not going to get anywhere, along with the information Trending News, Breaking News, Health News, Science News, Sports News, Entertainment News, Technology News, Business News, World News of this made available to all of you so that you are always connected with the news, stay ahead in the matter and keep getting today news all types of news for free till today so that you can get the news by getting it. Always take two steps forward
Credit Goes To News Website – This Original Content Owner News Website . This Is Not My Content So If You Want To Read Original Content You Can Follow Below Links