Video conferencing software Zoom recently found a flaw in its Mac client that allowed hackers to gain remote access to users’ systems. Now, the company has launched an update for its macOS app that fixes the vulnerability without affecting the app’s automatic update features.
Last week, Zoom acknowledged a flaw previously found by security researcher Patrick Wardle. Wardle, founder of the Objective-See Foundation, a non-profit that makes open-source macOS security tools, found the flaw and presented it at the Def Con hacking conference that took place last week. The exploit targets the Zoom installer, which requires special user permissions to run. By taking advantage of this tool, hackers can trick users into installing a malicious program by impersonating Zoom’s cryptographic signature. Once installed, attackers can gain control of a user’s system, allowing them to modify, delete or add files to the device.
With the 5.11.5 update, Zoom has fixed the vulnerability. Users can download the update on macOS devices by opening its app and then visiting Zoom.us from the menu bar at the top of the screen. Users can check for updates and if one is available, Zoom will display a window with the latest app version, along with what’s changing. From here, users can select Update to start downloading the app.
Wardle also praised Zoom for its quick response. “Mahalos to Zoom for the (incredibly) quick fix!” he said in a tweet. “Reversing the patch, we see that the Zoom installer now invokes lchown to update the permissions of the update.pkg, thus preventing malicious subversion,” he said.
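The kind of fix Wardle describes, sketched as an added example that is not Zoom's code: a privileged updater takes ownership of the staged package with lchown and re-checks the opened file before using it. The function name, the 0644 mode and the extra fstat checks are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not Zoom's code): take ownership of a staged
 * package so the user who could write it can no longer swap or edit it.
 * A privileged updater would pass owner 0 (root); any uid the caller is
 * allowed to set works. Returns a read-only fd, or -1 on failure. */
int lock_down_staged_pkg(const char *path, uid_t owner, gid_t group)
{
    struct stat st;

    /* lchown() changes the link itself, so a symlink planted at `path`
     * cannot redirect the ownership change to some other file. */
    if (lchown(path, owner, group) != 0)
        return -1;

    /* O_NOFOLLOW: refuse to open if `path` is a symlink. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;

    /* Check the object actually opened, then drop group/other write. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || st.st_nlink != 1 ||
        fchmod(fd, 0644) != 0) {
        close(fd);
        return -1;
    }
    return fd; /* verify the signature and install from this fd */
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <staged.pkg>\n", argv[0]);
        return 2;
    }
    int fd = lock_down_staged_pkg(argv[1], geteuid(), getegid());
    puts(fd >= 0 ? "locked down" : "refused");
    if (fd >= 0) close(fd);
    return fd >= 0 ? 0 : 1;
}
```

Ownership alone does not stop a swap if the containing directory stays writable by the user, so the staging directory needs the same treatment.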