Scary Zoom flaw allows a hacker to completely take over your Mac

Before you log into Zoom to start your next video call, you should take a few minutes before you join to update your app. Zoom recently released a security patch for a major hole that could let a hacker take over your whole machine.

The vulnerability, discovered by Patrick Wardle of the Objective-See Foundation, involves Zoom’s automatic updater, which works as a root user and doesn’t require a user password. When the updater runs, it checks to see if the software updates are signed by Zoom, but Wardle discovered that it was only checking if the file has the same name as the signing certificate. A hacker could then use a different package with the same name as the certificate to gain access to the Mac.

Wardle presented his findings at the DefCon event last week, and his presentation is available for viewing online. Zoom responded by releasing the 5.11.5 (9788) update, which patches the flaw, but it’s actually the second attempt at a fix. In December, Wardle told Zoom about the vulnerability and the company issued a fix, but the fix had a bug that allowed the vulnerability to still be effective.

Zoom has a checkered security history. In the past, it has had problems with unauthorized microphone access, a lack of encryption, and meetings being invaded by unauthorized users. Zoom has fixed those problems with updates.

How to update Zoom

Zoom may automatically update when you launch the app, but it may not install the latest version (this happened to me), which is 5.11.5 (9788). To check the version, launch Zoom and click on zoom.us > About Zoom. If you don’t have the latest version, you’ll need to update it manually. Here’s how.

  • Time to complete: 5 minutes
  • Tools required: internet connection
  • Materials required: Zoom Mac app
1.

Manually check for updates

Foundry

Click on the zoom.us menu and select Check for Updates.

2.

Install the update

Foundry

Zoom will see what updates are available. You should see the 5.11.5 (9788) update, and you can read the release notes. Click on Install to proceed.

3.

Zoom restarts

Foundry

A progress window will appear during the installation, which will take a few minutes, depending on your internet connection. Zoom will relaunch and you should see an alert that says you’ve installed the latest version. You can now use Zoom as usual.

Source : Macworld