Security researcher Patrick Wardle noticed a Zoom Mac vulnerability that allows hackers to gain remote access to users’ Macs with Zoom’s digital signature.
Zoom, a video conferencing program, was recently discovered to have a weakness in its Mac client that allows hackers to remotely access customers’ devices. The business has now released an update for its macOS app that addresses the issue without interfering with the program’s automatic updating functionality.
Zoom disclosed a problem discovered earlier this week by a security researcher called Patrick Wardle. Wardle, a security researcher and the creator of the Objective-See Foundation, a non-profit that creates open-source macOS security solutions, discovered the issue and revealed it at last week’s Def Con hacking conference.
The attack is designed to target the Zoom installer, which requires specific user privileges to run. Hackers might use this technique to deceive users into installing harmful software by imprinting it with Zoom’s digital signature. Once installed, attackers can obtain access to a user’s system and change, remove, or add data to the device.
🆕 Update(s):
🐛 Bug assigned CVE-2022-28756
🩹 Patch now available, in Zoom v5.11.5 (9788)See Zoom's security bulletin: https://t.co/xUpE4jS6ck
Mahalos to @Zoom for the (incredibly) quick fix! 🙌🏽 🙏🏽 pic.twitter.com/GGtM3EUT7s
— Patrick Wardle (@patrickwardle) August 14, 2022
Zoom Mac vulnerability is removed with the latest update
Zoom has patched the issue with the 5.11.5 version. Users may get the update by launching their app on MacOS devices and then heading to zoom.us from the top menu bar. Users may check for updates, and if one is available, Zoom will display a window with the most recent app version, as well as information about what has changed. Users may then pick Update to begin downloading the software.
Wardle, the security expert, praised Zoom for their prompt reaction as well. “Thank you, Zoom, for the (very) rapid remedy!” “He stated this in a tweet. “Reversing the patch, we see the Zoom installer now invokes lchown to update the permissions of the update .pkg, thus preventing malicious subversions,” he stated.
We hope that you enjoyed this article on Zoom Mac vulnerability allows hackers to gain remote access. If you did, we are sure that you will also like to check out our other articles, such as Zoom will let users directly live stream meetings on Twitch, or how to raise hand in Zoom.
