If you use Zoom on a Mac, an important security patch is now being distributed, and you should install it as soon as you can. Earlier versions of Zoom for Mac had a significant security issue that, if exploited, might have allowed an unauthorized person to gain root access to your machine. The most recent update, which has just been released, fixes this flaw.
According to a report published by Ars Technica, the well-known security researcher Patrick Wardle discovered the weakness. During his presentation at Def Con last week, Wardle gave attendees additional details about the vulnerability. He explained that the Zoom auto-update feature does not ask for a user password and is enabled by default. This setting also cannot be changed.
This suggests that malicious actors may be able to bypass the verification checker and either downgrade Zoom to an older, less secure version or pass an entirely different package to the updater. Both options put the user's data security at risk. The following is an excerpt from the report:
Only Zoom clients were capable of connecting to the privileged daemon, and Zoom-signed packages were the only ones that could be extracted from the archive. This created the impression that the system was safe and sound. The problem is that it is possible to get around this check by giving the verification checker merely the name of the package (in this instance, “Zoom Video… Certification Authority Apple Root CA.pkg”) that it was looking for. This is a workaround, but it is still a problem. This meant that malicious actors could potentially coerce Zoom into downgrading to a version that had more bugs and was less secure or even pass it an entirely different package that could potentially grant them root access to the machine.
After Wardle disclosed additional details about the vulnerability, Zoom published a security bulletin. According to the company, the auto-update procedure contains a flaw that might enable a “local low-privileged user” to “upgrade their rights to root,” which is the highest degree of privilege. The following versions of Zoom are affected by the flaw:
Zoom Client for Meetings for macOS (Standard and for IT Admin) beginning with version 5.7.3 and before version 5.11.5
Zoom promptly distributed an update to its Mac app to fix the problem. To protect yourself, update the Zoom application installed on your Mac to version 5.11.5 (9788).
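A check for the affected range stated above, written as an added example (it is not code from Zoom or from the report). The inventory layout, the hostnames and the sample version strings are constructed assumptions.

```python
import re

# Affected range as stated above: from 5.7.3 (inclusive)
# up to, but not including, the fixed release 5.11.5.
FIRST_AFFECTED = (5, 7, 3)
FIRST_FIXED = (5, 11, 5)

# Accepts "5.11.5" and "5.11.5 (9788)"; the build number is ignored.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s*\(\d+\))?\s*$")


def parse_version(text):
    """Return (major, minor, patch) as integers.

    Raises ValueError on anything unrecognised, so an unreadable
    inventory entry is flagged instead of silently treated as safe.
    """
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.group(1, 2, 3))


def is_affected(text):
    """True if the version lies in the affected range [5.7.3, 5.11.5)."""
    # Integer tuples compare numerically, so 5.10.x sorts after 5.7.x;
    # a plain string comparison would get that wrong.
    return FIRST_AFFECTED <= parse_version(text) < FIRST_FIXED


def audit(inventory):
    """Sort {host: version} into affected / not_affected / unknown."""
    report = {"affected": [], "not_affected": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        try:
            bucket = "affected" if is_affected(version) else "not_affected"
        except ValueError:
            bucket = "unknown"
        report[bucket].append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "mac-01": "5.11.5 (9788)", "mac-02": "5.11.4", "mac-03": "5.7.3",
    "mac-04": "5.7.1", "mac-05": "5.10.12 (1234)", "mac-06": "unknown",
}

if __name__ == "__main__":
    for bucket, hosts in audit(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the `unknown` bucket need a manual look, since a version that cannot be parsed says nothing about whether the update was installed.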
This is the most recent example of Zoom’s generally inadequate security practices, but it is not the only one. In 2019 the company was forced to fix a critical vulnerability that allowed websites to take control of the webcams on Mac computers. At the beginning of this year, an update was made available to everyone that prevents the microphone from staying on on your Mac after a call has ended. And of course, the company lied for years about being able to provide end-to-end encryption when it wasn’t even capable of doing so.