If you haven’t done so in the past few days, make sure you update the Zoom app on your Mac. A security researcher recently found a vulnerability in the Zoom software for Mac that could give an attacker full access to your computer.
[Update: It turns out, it was possible to bypass the fix included in Monday’s Zoom update for macOS, version 5.11.5. Zoom issued another update Wednesday, bringing the client to version 5.11.6. The software company says this version fixes the vulnerability for good.]
Exploit Takes Advantage of Zoom Update Vulnerability
The exploit was found by Mac security specialist Patrick Wardle. Wardle disclosed it during a presentation at the Def Con hacking conference Aug. 12. Since Zoom has to run with special user permissions to install, remove or update the main app from a computer, it asks for a user to enter their password during installation.
The problem lies within Zoom’s auto-update function, which runs continuously in the background with superuser privileges after installation. Whenever Zoom issues an update, the function checks that the new package has been cryptographically signed by Zoom. Unfortunately, the checking method was flawed.
Any file given the same name as Zoom’s signing certificate would pass muster. That meant an attacker could substitute any sort of malware they wanted and Zoom’s updater would happily run it with elevated privileges.
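The class of flaw described above, as an added example that is not Zoom's code and does not come from the article. It assumes the check searched a verifier's text report, which repeats the file name, for the signer's name; the signer name, `VerifyResult` and the report layout are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List

# Hypothetical signer name standing in for the name on the vendor's certificate.
EXPECTED_SIGNER = "Example Vendor, Inc. Developer ID"

@dataclass
class VerifyResult:
    """Constructed stand-in for what a signature verifier reports.
    Assumes the verifier has already validated the chain cryptographically."""
    package_name: str                 # chosen by whoever supplied the file
    signed: bool
    chain: List[str] = field(default_factory=list)  # subject names, leaf first

    def render(self) -> str:
        # Human-readable report; note that it echoes the untrusted file name.
        out = [f'Package "{self.package_name}":']
        out.append("  Status: signed" if self.signed else "  Status: no signature")
        out += [f"  {i}. {name}" for i, name in enumerate(self.chain, 1)]
        return "\n".join(out)

def weak_check(result: VerifyResult) -> bool:
    # Flawed: a substring search over text that includes the file name.
    return EXPECTED_SIGNER in result.render()

def strict_check(result: VerifyResult) -> bool:
    # Hardened: use only fields derived from the signature, compared exactly.
    return result.signed and bool(result.chain) and result.chain[0] == EXPECTED_SIGNER

def demo() -> dict:
    # Constructed sample inputs.
    samples = {
        "genuine": VerifyResult("update.pkg", True,
                                [EXPECTED_SIGNER, "Example Root CA"]),
        "renamed_unsigned": VerifyResult(EXPECTED_SIGNER + ".pkg", False),
        "other_signer": VerifyResult("update.pkg", True,
                                     ["Some Other Signer", "Example Root CA"]),
    }
    # Map each sample to (weak_check result, strict_check result).
    return {k: (weak_check(v), strict_check(v)) for k, v in samples.items()}

if __name__ == "__main__":
    for name, (weak, strict) in demo().items():
        print(f"{name:17} weak={weak!s:5} strict={strict}")
```

The unsigned file named after the signer passes the weak check and fails the strict one, which is why a privileged updater should decide on the verified signer identity and never on text that contains attacker-chosen names.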
New Update Resolves Privilege Escalation Attack Risk
This is what’s called a privilege escalation attack. Basically, it means the attacker has already gained access to the target, and uses an exploit to gain a higher level of access. In this case, the updater flaw would give the attacker “root” access, allowing them to add, modify or remove any files on the Mac they wished.
Wardle advised Zoom of his findings in December 2021. An initial fix, Wardle said, contained another bug. This meant despite the Zoom update, the vulnerability was still present and exploitable, but not quite as easily. He advised Zoom of the second bug, and then waited.
Eight months later, Zoom hadn’t bothered to fix the exploit. Yes, another update fixed the second bug, but introduced another one. The exploit was still there, and still a threat. So, Wardle presented it during the Def Con conference in Las Vegas, Nevada.
Finally, on Monday, Zoom issued another fix for the Mac app. Now at version 5.11.5, the Mac app for Zoom is supposedly safe from the exploit. We’ve reached out to Wardle for his analysis, and will update if he finds the vulnerability persists.
Step 1: turn OFF “auto-update”