The latest version of Zoom fixes a critical security flaw on macOS


Video conferencing software Zoom, whose popularity exploded during lockdown, was affected by a security flaw that allowed malicious hackers to take control of a Mac.


Zoom

Zoom is a cross-platform instant messaging and video conferencing service geared primarily towards professionals, but it offers a free version, limited to 40 minutes and 100 people, that individuals can use.

  • Downloads: 14160
  • Release date: 08/13/2022
  • Author: Zoom.us
  • Licence: Free License
  • Categories: Internet – Communication – Productivity
  • Operating system: Android, Linux, Online service (all Internet browsers), Windows, iOS (iPhone / iPad), macOS

If you’re using Zoom video conferencing software on macOS, it’s time to update the software. Indeed, a critical security flaw has been discovered within the application. Fortunately, this was quickly corrected. It is therefore advisable to download and install version 5.11.5 as quickly as possible.

A failure to verify the .pkg

As demonstrated by Patrick Wardle, a cybersecurity expert (and founder of the Objective-See association), previous versions of Zoom allowed malicious people to remotely take control of a computer to modify or delete any file. Exploiting the flaw is, moreover, not terribly complex.

Ironically, it was the auto-update feature that was causing trouble. The piece of code, which runs with administrator privileges, did not thoroughly check the integrity of downloaded files. As a result, a malicious person could pass off their malware as a Zoom update and gain full control of a machine. Technically, only executables signed with Zoom's encryption key could enter the update process, but renaming malicious software with the name of a Zoom installer caused the system to install the package without flinching, infecting the machine.
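
To illustrate the difference between trusting a file's name and verifying who actually signed it, here is an added example (not Zoom's code and not part of the original article): a simplified name-based check next to a check on the output of macOS's `pkgutil --check-signature`. The Team ID, vendor names and sample outputs are constructed placeholders.

```shell
# Added example, not Zoom's code. EXPECTED_TEAM_ID is a placeholder value.
EXPECTED_TEAM_ID="ABCDE12345"

# Weak model of the flaw: trust is derived from a name the attacker chooses.
name_looks_trusted() {
    case "$(basename "$1")" in
        Zoom*.pkg) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads `pkgutil --check-signature` output on stdin. Succeeds only if the package
# has an Apple-issued developer signature AND the leaf cert has the expected Team ID.
signer_is_trusted() {
    awk -v want="$EXPECTED_TEAM_ID" '
        /Status: signed by a developer certificate issued by Apple/ { signed = 1 }
        /^[ \t]*1\. Developer ID Installer: / {
            sub(/[ \t]+$/, "")                      # drop trailing blanks
            if (match($0, /\([A-Z0-9]+\)$/))        # "(TEAMID)" ends the line
                team = substr($0, RSTART + 1, RLENGTH - 2)
        }
        END { exit !(signed && team == want) }
    '
}

# On macOS: check the signature of the file that will be installed.
verify_pkg() {
    pkgutil --check-signature "$1" 2>/dev/null | signer_is_trusted
}

# Constructed pkgutil output: package signed by the expected vendor.
sample_vendor_signed() {
    cat <<'EOF'
Package "Zoom.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Certificate Chain:
    1. Developer ID Installer: Example Vendor, Inc. (ABCDE12345)
EOF
}

# Constructed pkgutil output: same file name, different signer.
sample_other_signer() {
    cat <<'EOF'
Package "Zoom.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Certificate Chain:
    1. Developer ID Installer: Someone Else LLC (ZYXWV98765)
EOF
}
```

On macOS, `verify_pkg` should be run against the exact file passed to the installer, stored where unprivileged users cannot replace it.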

Zoom's security often called out

So the best thing to do is to "apply updates or download the latest version of Zoom from the site", indicates the company. This is not the first time that Zoom has found itself in the middle of a controversy over the security of its software. In 2019, the software already made it possible to turn on the webcam of certain Macs remotely. In 2020, a bug on Windows that allowed system credentials to be stolen made the news. At the same time, in the middle of lockdown, the company's processing of personal data also left something to be desired. A year later, Zoom was fined $85 million for lying about data encryption.

As always, the best advice to guard against this kind of problem is to keep your software up to date and not to install files found just anywhere on the web, especially if they require administrator rights on your machine.
