Last week, Zoom acknowledged a flaw that a security researcher named Patrick Wardle had spotted earlier. Wardle, a security researcher and founder of the Objective-See Foundation, a nonprofit that builds open source macOS security tools, first found a flaw and presented it at the Def Con hacking conference held last week. The exploit targets the Zoom installer, which requires special user permission to run. By exploiting this tool, hackers could trick users into installing a malicious program by putting Zoom’s cryptographic signature on it. Once installed, attackers can gain control of a user’s system, allowing them to modify, delete, or add files to the device. With the 5.11.5 update, Zoom fixed the vulnerability. Users can download the update by opening the app on their MacOS devices and then going to zoom.us from the menu bar at the top of the screen. Users can check for updates, and if one is available, Zoom will display a window with the latest version of the app, along with details about what’s changing. From here, users can select Update to start downloading the app. Wardle, the security researcher, also praised Zoom for its quick response. “Mahalos to Zoom for the (incredibly) quick fix!” he said in a tweet. “Reversing the patch, we see that the Zoom installer now calls lchown to update the .pkg update permissions, thus preventing malicious rollbacks,” he said. Read it Latest news and Breaking news here
