Zoom vulnerability: Why Mac users should update urgently

Die Video-Konferenzlösung Zoom: Ein Einfallstor für Schadsoftware

The video conferencing solution Zoom: A gateway for malware

Photo:

Thiago Prudencio / ZUMA Wire / IMAGO

Users of the Mac version of the video conferencing software Zoom should install the latest update as soon as possible. A security hole presented at the Defcon hacker conference in Las Vegas can be used to install malware and circumvent security measures.

As reported by The Verge

for Mac malware that detected the problem. While macOS asks for the user password when reinstalling programs and thus ensures that no programs are installed undetected, this did not apply to Zoom’s automatic update routine. The program had secured system administrator rights to make the updates as easy as possible.

Recommended external content

At this point you will find external content from Twitter that complements the article and from the Editor is recommended. You can show it and hide it again with one click.

The problem with that: Attackers can take advantage of this and foist any programs of their own on the auto-updater. The manufacturer had installed hurdles so that only authentic zoom updates could be installed. But Wardle quickly installed an older version of Zoom whose vulnerabilities had been known for a long time, thus opening the computer to a wide range of attacks. These can be used by attackers to install and start programs without users noticing. The prerequisite for this is that they have access to the device or the Zoom application installed on it. It is therefore a so-called privilege escalation attack to gain further access rights on an already compromised Mac.

More on the subject

  • Warum meine Frau besser durch die Pandemie kommt als ich
  • Der Grinch der Computersicherheit

  • Although Wardle claims to have informed the manufacturer months ago about a whole series of vulnerabilities, the attack never materialised the auto-updater is still possible. Now released

    the company made two updates within a week to solve the problem. The latest version is intended to fix the vulnerability for good.

    ,”breakpoints”: [“”],”outbrainMovable”:true,”updateId”:”5f70f6f6-5934-49f4-bff2-302f6d72cdbb”}”>

    Related Articles

    Back to top button