Discovering a security vulnerability in “Zoom” that can penetrate the “Mac OS” system

A cybersecurity researcher has revealed a vulnerability in the “Zoom” communication application, through which it can attack the Mac OS version.

The details of the vulnerability were revealed in a presentation given by Patrick Wardle, a Mac security specialist, at a hacking conference in Las Vegas, organized on Friday.

Some bugs have already been fixed, but the researcher also provided one uncorrected security vulnerability that still affects the systems so far, according to what The Verge reported.

The vulnerability appears by targeting the installation program of the “Zoom” application, which needs to run with special permission from the user, in order to install or remove it from the computer.

Although the installer requires the user to enter their password when the app is first added to the system, Wardle has found that the auto-update function then runs continuously in the background with user privileges.

When the Zoom app released its latest update, it installed a new package of protection mechanisms after verifying its signature in encrypted form.

But any error in how the examination method is implemented means giving the updater an opportunity to access the application, such as entering a file with a name similar to the Zoom signature certificate, “as this will be enough to pass those mechanisms,” according to the same specialist.

As a result, the attacker has already gained initial access to the target system and then uses another vulnerability to gain a higher level of access.

In this case, the attacker starts with a restricted user account but escalates to the most powerful user type, known as a “super user”, allowing him to add, remove, or modify any files on the device.

Wardle is the founder of the Objective Sea Foundation, a nonprofit that creates open source security tools for Mac OS X.

Wardle reported the vulnerability to Zoom in December of last year, but was frustrated, saying that the initial fix from Zoom contained another bug that means the vulnerability is still exploitable in a slightly roundabout way, so he exposed this bug. The second was for Zoom, and waited eight months before publishing the research.

Related posts:

Digital books: take your reading everywhere with Nextory
TCL confirms presence at CES 2024 and promises to present its entire portfolio
US may apply sanctions against more Chinese manufacturers after Micron ban
OLED TV: Samsung is already developing a big improvement to its QD-OLED technology
tvOS 17.1: Enhance Dialogue feature may arrive for all Apple HomePods
David Guetta, crowned best DJ in the world for the 4th time
Windows 11: Microsoft leaks link to tool that unlocks hidden resources in the system
EVGA GeForce RTX 3090 Ti Kingpin received a 28-phase VRM subsystem and two 12 + 4-pin power connecto...

“the risks of takeovers persist”

A young man practices vice online with a very beautiful Jordanian girl.. and after he completed his fun, the end was disastrous and the unthinkable happened.! !

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.