Security researcher reveals Zoom flaws that could’ve allowed attackers to take over your Mac


Zoom’s automatic update option can help users ensure that they have the latest, safest version of the video conferencing software, which has had multiple privacy and security issues over the years. At this year’s DefCon, however, a Mac security researcher reported vulnerabilities he found in the tool that attackers could have exploited to gain full control of a victim’s computer. According to Wired, Patrick Wardle presented two vulnerabilities during the conference. He found the first one in the app’s signature check, which certifies the integrity of the update being installed and examines it to make sure that it’s a new version of Zoom. In other words, it’s in charge of blocking attackers from tricking the automatic update installer into downloading an older and more vulnerable version of the app.

Wardle discovered that attackers could bypass the signature check by naming their malware file a certain way. And once they’re in, they could get root access and control the victim’s Mac. The Verge says Wardle disclosed the bug to Zoom back in December 2021, but the fix it rolled out contained another bug. This second vulnerability could have given attackers a way to circumvent the safeguard Zoom set in place to make sure an update delivers the latest version of the app. Wardle reportedly found that it’s possible to trick a tool that facilitates Zoom’s update distribution into accepting an older version of the video conferencing software. 

Zoom already fixed that flaw as well, but Wardle found yet another vulnerability, which he also presented at the conference. He discovered that there’s a point in time between the auto-installer’s verification of a software package and the actual installation process that allows an attacker to inject malicious code into the update. A downloaded package meant for installation can apparently retain its original read-write permissions, allowing any user to modify it. That means even users without root access could swap its contents with malicious code and gain control of the target computer.

The company told The Verge that it’s now working on a patch for the new vulnerability Wardle has disclosed. As Wired notes, though, attackers need to have existing access to a user’s device to be able to exploit these flaws. Even if there’s no immediate danger for most people, Zoom advises users to “keep up to date with the latest version” of the app whenever one comes out. 
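The gap between verification and installation described above is a time-of-check to time-of-use problem. The following is an added example, not code from the article or from Zoom, of how an updater can audit a staged package's permissions and install only the bytes it verified; the SHA-256 digest stands in for a real signature check, and the function names and `update.pkg` are hypothetical.

```python
import hashlib, os, stat, tempfile

LOOSE = stat.S_IWGRP | stat.S_IWOTH  # write bits for anyone but the owner

def audit_staged_package(path, trusted_uid):
    """List the ways a non-privileged user could alter `path` after it is verified."""
    problems = []
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file (symlink or special file)")
    if st.st_uid != trusted_uid:
        problems.append("package not owned by the installer account")
    if st.st_mode & LOOSE:
        problems.append("package is group- or world-writable")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_uid != trusted_uid or parent.st_mode & LOOSE:
        problems.append("staging directory lets other users replace the package")
    return problems

def verify_then_load(path, expected_sha256):
    """Check and use the same bytes: hash what was read from one descriptor,
    and hand those bytes to the installer instead of re-opening the path."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "rb") as f:
        data = f.read()
    if hashlib.sha256(data).hexdigest() != expected_sha256:
        raise ValueError("package does not match the verified digest")
    return data

def demo():
    """Constructed sample: a world-writable staged file, then the tightened one."""
    original = b"constructed package bytes"
    digest = hashlib.sha256(original).hexdigest()
    with tempfile.TemporaryDirectory() as staging:   # created 0700, owned by this user
        pkg = os.path.join(staging, "update.pkg")    # hypothetical file name
        with open(pkg, "wb") as f:
            f.write(original)
        os.chmod(pkg, 0o666)                         # weak state: any user may rewrite it
        weak = audit_staged_package(pkg, os.getuid())
        os.chmod(pkg, 0o600)                         # owner-only, as a staged update should be
        tight = audit_staged_package(pkg, os.getuid())
        loaded = verify_then_load(pkg, digest)
        with open(pkg, "wb") as f:                   # contents change after the digest was taken
            f.write(b"swapped contents")
        try:
            verify_then_load(pkg, digest)
            swap_caught = False
        except ValueError:
            swap_caught = True
    return weak, tight, loaded, swap_caught
```

The audit catches the loose permissions before anything is trusted, and the loader closes the window itself by never re-reading the path between the check and the install.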
