Update Zoom for Mac now to avoid root-access vulnerability

Feature you'd normally want for secure software opened a huge hole.



If you're using Zoom on a Mac, it's time for a manual update. The video conferencing software's latest update fixes an auto-update vulnerability that could have allowed malicious programs to use its elevated installing powers, granting escalated privileges and control of the system.


The vulnerability was first discovered by Patrick Wardle, founder of the Objective-See Foundation, a nonprofit Mac OS security group. Wardle detailed in a talk at Def Con last week how Zoom's installer asks for a user password when installing or uninstalling, but its auto-update function, enabled by default, doesn't need one. Wardle found that Zoom's updater is owned by and runs as the root user.




Courtesy of Ars Technica

Article Author: Kevin Purdy


