(Note: Update Again) Update Zoom Now to Protect Your Mac from This Security Flaw
Older versions of Zoom could allow hackers to take over your Mac through a privilege escalation vulnerability. But the latest Zoom update (5.11.5) patches this flaw. If you use Zoom on your Mac, you should update the software now.
Update, 8/22/22 9:51 am Eastern: Two days after this article was published, Zoom pushed an additional security update for macOS. It seems that the company failed to completely patch Zoom’s privilege escalation vulnerability with the previous updates. If you use Zoom on a Mac, update it today.
This update comes just a week after Zoom revealed its privilege escalation vulnerability in a security bulletin. The vulnerability (CVE-2022-28756) received widespread coverage after it was demonstrated by Patrick Wardle, founder of the Objective-See Foundation, at the Def Con hacking conference on August 12th.
The vulnerability stems from a bug in Zoom’s auto-update system. Normally, Zoom checks update packages for a cryptographic signature, which verifies that the update is authentic and published by Zoom. But if you give a file the same name as Zoom’s cryptographic signature, the software will run that file without asking any questions.
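The class of flaw described above, reduced to a simplified model (an added example, not Zoom's code and not from the original article): a check that trusts a name, beside one that verifies a signature over the package bytes. The signer name, key and packages are constructed, and HMAC-SHA256 stands in for the public-key signature a real updater would verify.

```python
import hashlib
import hmac

# Constructed values for this sketch; none of them come from Zoom.
TRUSTED_SIGNER = "Example Vendor Signing Identity"
VENDOR_KEY = b"constructed-demo-key"  # stand-in for the vendor's signing key


def sign(payload: bytes) -> bytes:
    """Vendor side. HMAC-SHA256 stands in for a real public-key signature."""
    return hmac.new(VENDOR_KEY, payload, hashlib.sha256).digest()


def name_only_check(pkg: dict) -> bool:
    """Flawed pattern: accept anything that carries the expected name."""
    return pkg["signer"] == TRUSTED_SIGNER


def signature_check(pkg: dict) -> bool:
    """Sound pattern: trust comes from a signature over the exact bytes.

    The label is ignored. compare_digest avoids leaking how many bytes matched.
    """
    return hmac.compare_digest(sign(pkg["payload"]), pkg["signature"])


def audit(packages: dict) -> dict:
    """Return {label: (name_only_result, signature_result)} per package."""
    return {label: (name_only_check(p), signature_check(p))
            for label, p in packages.items()}


_genuine = b"vendor update build 2"
PACKAGES = {  # constructed sample inputs
    "genuine": {"signer": TRUSTED_SIGNER, "payload": _genuine,
                "signature": sign(_genuine)},
    # Carries the right name but no valid signature at all.
    "renamed": {"signer": TRUSTED_SIGNER, "payload": b"unrelated file",
                "signature": b""},
    # Genuine signature, but the bytes were changed after signing.
    "tampered": {"signer": TRUSTED_SIGNER, "payload": _genuine + b"!",
                 "signature": sign(_genuine)},
}

if __name__ == "__main__":
    for label, (by_name, by_sig) in audit(PACKAGES).items():
        print(f"{label:9} name-only={by_name!s:5} signature={by_sig}")
```

Only the genuine package passes both checks. The renamed and tampered packages pass the name-only check and fail signature verification.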
In a worst-case scenario, hackers could use this flaw to place RATs (remote access trojans) on your Mac. But this vulnerability could open the door to any malware, including ransomware. It’s no surprise that Zoom pushed such a quick fix.
I suggest opening Zoom on your Mac (even if you don’t use it often) to run an automatic update. If you want to ensure that Zoom actually installs the 5.11.5 update, proceed with the manual update process.
Source: Zoom via The Verge