Zoom has addressed a critical security vulnerability in its macOS application that could have allowed attackers to completely compromise user systems. This flaw, discovered by security researcher Patrick Wardle, resided within Zoom’s auto-update software.
The vulnerability stemmed from Zoom's auto-update software running with root-level privileges it did not need on Mac devices. Those excessive permissions meant that a malicious program already running on the machine could abuse the updater to gain complete control of the system. Weak verification within the updater amplified the risk, potentially allowing an attacker to trick it into accepting an unauthorized package and installing it with root privileges.
Researcher Discovers, Zoom Responds
Wardle, founder of the Objective-See Foundation, identified the issue in December 2021 and promptly reported it to Zoom. The company has finally addressed the vulnerability in a recent update. Because the flaw sits in the auto-updater itself, Mac users are strongly urged to update their Zoom application manually to be protected.
History of Security Concerns
This incident adds to a history of security concerns surrounding Zoom. In 2020, the Federal Trade Commission (FTC) took action against Zoom for misleading users about its use of end-to-end encryption. Wardle himself previously exposed a vulnerability allowing attackers to steal Windows credentials. In 2019, Zoom also faced criticism for a flaw enabling webcam hijacking, although the company swiftly patched that issue.
By patching this latest vulnerability, Zoom aims to regain user trust and demonstrate its commitment to platform security. However, this incident serves as a reminder of the importance of continuous vigilance and updates to maintain a secure user experience.