Zoom’s latest update on Mac includes a fix for a dangerous security flaw
Zoom has issued a patch for a bug on macOS that could allow a hacker to take control of a user’s operating system (via MacRumors). In an update on its security bulletin, Zoom acknowledges the issue (CVE-2022-28756) and says a fix is included in version 5.11.5 of the app on Mac, which you can (and should) download now.
Patrick Wardle, a security researcher and founder of the Objective-See Foundation, a nonprofit that creates open-source macOS security tools, first uncovered the flaw and presented it at the Def Con hacking conference last week. My colleague, Corin Faife, attended the event and reported on Wardle’s findings.
As Corin explains, the exploit targets the Zoom installer, which requires special user permissions to run. By leveraging this tool, Wardle found that hackers could essentially “trick” Zoom into installing a malicious program by putting Zoom’s cryptographic signature on the package. From here, attackers can then gain further access to a user’s system, letting them modify, delete, or add files on the device.