Friday, September 30

Zoom just fixed a major security flaw on Mac | Digital Trends Spanish

If you have Zoom installed on your MacBook, you’ll want to update the app right now. Zoom spent the weekend patching a major security flaw in its Mac app, and the update is available now.

According to The Verge, it all started at Def Con, a computer security and hacker conference in Las Vegas. Patrick Wardle, the founder of the non-profit security organization Objective-See and a former NSA security analyst, took to the stage on Friday and presented a surprising finding: a massive security vulnerability in the Zoom installer for MacBooks.

The exploit allowed a threat actor to take control of someone’s Mac through the Zoom app, down to the root level of the machine. The Zoom package installer used a weak security certificate check, and any file with the same name as the official Zoom package could easily bypass it. At root level, the MacBook treats the attacker as a “superuser” who can read, change, or create any file, including adding other malware to the system.

Frustratingly, Wardle had discovered the security threat in December and reported his findings to Zoom. Wardle said Zoom didn’t take it seriously and released a patch after a month, containing another security bug. He informed Zoom of this second bug and, more importantly, that the first bug was not fixed. Zoom sat on it.

Wardle decided to go public with his findings at Def Con. He had followed responsible disclosure protocols, which give companies time to fix mistakes, and after eight months of inaction, he felt he had to warn others. Zoom released a small patch a few weeks before the conference, but Wardle said the vulnerability was still present.

This is not the first time that Zoom has been criticized for its lax security. In 2020, Wardle discovered a Mac vulnerability in Zoom that allowed cameras and microphones to be hijacked. Zoom was also found to have been sending user data to Facebook, and then the US Department of Justice filed charges against a Zoom executive for collusion with the Chinese government.

Zoom spent the weekend working on a new patch after Wardle’s presentation, and it’s out now. Version 5.11.5 is a free update for Mac-based Zoom installations and is available now.

If you prefer to use a different video conferencing platform, check out our handy guide to Microsoft Teams.
