Video conferencing software Zoom, whose popularity exploded at the time of confinement, was the victim of a security flaw that allowed malicious hackers to take control of a Mac.
Zoom
Zoom, a cross-platform instant messaging and video conferencing service, primarily geared towards professionals, but which offers a free version limited to 40 minutes and 100 people that individuals can use.
-
Downloads:
14292 -
Release date :
08/13/2022 -
Author :
Zoom.us -
Licence :
Free License -
Categories:
Internet – Communication – Productivity
-
Operating system :
Android, Linux, Online service All Internet browsers, Windows, iOS iPhone / iPad, macOS
If you’re using Zoom video conferencing software on macOS, it’s time to update the software. Indeed, a critical security flaw has been discovered within the application. Fortunately, this was quickly corrected. It is therefore advisable to download and install version 5.11.5 as soon as possible.
A failure to verify the .pkg
As proven by Patrick Wardle, a cybersecurity expert (and founder of the Objective-See association), previous versions of Zoom allowed malicious people to take control of a computer remotely to modify or delete any file. The exploitation of the fault has, moreover, nothing terribly complex.
Ironically, it was the auto-update feature that was causing trouble. The piece of code — which runs with administrator privileges — did not thoroughly check the integrity of downloaded files. As a result, a malicious person could pass off their malware for a Zoom update and gain full control of a machine. Technically, only executables signed with Zoom’s encryption key could enter the update circuit, but renaming malicious software with the name of a Zoom installer caused the system to install the package without flinching, infecting the machine. .
Zoom security often pinned
So the best thing to do is”apply updates or download the latest version of Zoom from the siteThis is not the first time that Zoom has found itself in the middle of a controversy over the security of its software. In 2019, the software already made it possible to turn on the webcam of certain Macs remotely. In 2020, it was a bug in Windows allowing the stealing of system credentials that made headlines. At the same time, in the middle of the containment, the company’s handling of personal data also left something to be desired. A year later, Zoom was fined $85 million for lying about data encryption.
As always, the best advice to guard against this kind of problem is to keep your software up to date and not to install files found anywhere on the web; especially if they require administrator rights on your machine.