Security Researcher Raises Alarm After Detecting Possible Threat To macOS Version Of Zoom (Updated: Fixed)

A security researcher has reportedly raised the alarm about a possible threat to the macOS version of Zoom.

The researcher claims to have found a new way for attackers to gain access to the whole operating system, thanks to a number of security loopholes in the platform.

The details come from a presentation by renowned Mac security specialist Patrick Wardle, who shed light on the matter last Friday at a hacking conference in Las Vegas.

Zoom moved quickly and some of the bugs have been fixed, but that does not mean everything is back to normal. The researcher noted that one unresolved vulnerability remains and continues to affect all systems today.

The attack targets the installer used for Zoom. It is possible only when users consent to installing a new copy of Zoom or removing the old one from their device.

The installer requires users to enter their password when the app is first added to the system. Wardle found that, after this, an auto-update function kept running in the background with elevated privileges.

When Zoom released an update, the updater function would install the new version after checking cryptographically that it came from Zoom. But a bug in the checking step meant that any file given a name similar to the one on Zoom's certificate would pass the test with ease.

This way, an attacker could substitute any malware program and have it run by the updater with the special privileges the updater had been given. The result is a privilege escalation attack: it assumes the attacker has already gained entry to the system, and an exploit is then used to gain further access.
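The flaw described above, a check that looks at a name instead of the signed bytes, can be modelled in a few lines. This is an added example, not Zoom's code or Wardle's: the signer name, key, and package layout are constructed, and HMAC-SHA256 stands in for a real code signature so the sketch runs on the standard library alone.

```python
import hashlib
import hmac

# Constructed values for illustration only (assumptions, not from the article).
EXPECTED_SIGNER = "Example Vendor Inc."   # hypothetical certificate name
VENDOR_KEY = b"constructed-demo-key"      # stand-in for the vendor signing key


def sign(content: bytes, key: bytes) -> str:
    """Stand-in for a code signature: HMAC-SHA256 over the package bytes."""
    return hmac.new(key, content, hashlib.sha256).hexdigest()


def flawed_check(package: dict) -> bool:
    """Name-based check: passes if the signer name appears in the file name.
    The package content is never examined."""
    return EXPECTED_SIGNER in package["filename"]


def hardened_check(package: dict, key: bytes = VENDOR_KEY) -> bool:
    """Content-bound check: recompute the signature over the bytes and compare
    in constant time. The file name plays no part in the decision."""
    expected = sign(package["content"], key)
    return hmac.compare_digest(expected, package.get("signature", ""))


def make_samples() -> dict:
    """Three constructed packages: genuine, name look-alike, tampered."""
    body = b"genuine update payload"
    genuine = {"filename": f"{EXPECTED_SIGNER} update.pkg",
               "content": body, "signature": sign(body, VENDOR_KEY)}
    # Unsigned file whose name merely contains the signer's name.
    lookalike = {"filename": f"{EXPECTED_SIGNER}.pkg",
                 "content": b"unrelated payload", "signature": ""}
    # Genuine name and signature, but the bytes were changed afterwards.
    tampered = dict(genuine, content=b"modified payload")
    return {"genuine": genuine, "lookalike": lookalike, "tampered": tampered}


def evaluate() -> dict:
    """Return (flawed_result, hardened_result) for each sample package."""
    return {name: (flawed_check(pkg), hardened_check(pkg))
            for name, pkg in make_samples().items()}


if __name__ == "__main__":
    for name, (flawed, hardened) in evaluate().items():
        print(f"{name:10s} name-check={flawed} signature-check={hardened}")
```

The name-based check accepts all three packages, while the content-bound check accepts only the genuine one.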

Attackers start off as restricted users, but within a short time they are elevated to the higher status commonly called superuser. This allows them to add, remove, and even delete files.

Wardle said he had warned Zoom about the major security threat in December of last year. But to his dismay, Zoom's attempt at fixing it introduced another major bug. This meant a bigger vulnerability remained that could still be exploited.

For this reason, he waited a good eight months before publishing his recent research, and did so only after he had told Zoom about the second bug.

In its defense, Zoom said it had issued a patch for the app, but it did not know at the time that the patch was not good enough to prevent the app from being exploited.

At the moment, the bug still works in Zoom, but Wardle has mentioned how simple it is to fix. That is why he hopes that talking about it publicly can make all the difference.

As for the latest from Zoom, the company has acknowledged the news, with its head of security saying that they are working diligently to fix it.

Update: Zoom's spokesperson informed the Digital Information World team (via email) that, “The newly reported vulnerability for the macOS auto updater has been fixed in the Zoom Client for Meetings for macOS version 5.11.5.”

H/T: TheVerge
