Zoom is a constant target for hacker attacks. While some of them were unpleasant but rather innocent (like the so-called Zoom-bombing), others are much more dangerous, enabling the intruder to take over the computer. The recent update of Zoom for Mac addresses this issue that turned out to be one of the biggest vulnerabilities in the history of the service.
As Zoom explains, versions from 5.7.3 to 5.11.3 for macOS had a serious security flaw. Exploiting its auto-update process vulnerabilities, a low-privileged local user could gain full access to the computer, including root privileges. This issue exploits the privileges that are required for automatic updating process. A hacker would only need to rename the malware, so its new name coincides with the name of Zoom’s signing certificate, and the updater uses its privileges to install it.
It has been around for quite a while and only revealed after several updates by Patrick Wardle, a Mac security researcher, on August 12 at the DEF CON hacking conference (Las Vegas). Zoom reacted to this by releasing the patch on the next day. The update CVE-2022-28756 addresses the issue and removes the vulnerability. Later, another patch was released on August 17 (CVE-2022-28757) that closed the possibility to bypass the previous patch in 5.11.5.
If you have not been updating your Zoom for Mac for a while, it’s time to do it, even if you don’t let any low-privileged users access your Mac physically. You must ensure your current Zoom version is 5.11.5 or higher and all the security patches available are installed. Given that these vulnerabilities come unnoticed more frequently than we’d like, we can recommend you keeping up with updates. And though it’s relevant for all the apps, Zoom, due to its popularity and online presence, remains one of the most desirable objects for hacking.
Have you experienced this issue with Zoom on your Mac? Have you already installed the patch? Do you update your apps on Mac automatically? Tell us what you think about it in the comments!