Zoom updates macOS app to patch root entry exploit

AppleInsider is supported by its viewers and should earn fee as an Amazon Affiliate and affiliate associate on qualifying purchases. These affiliate partnerships don’t affect our editorial content material.

Zoom has launched a patch for its Mac app, fixing a vulnerability in its automated updating perform that would grant macOS root privileges to an attacker.

Revealed on the Def Con hacking convention on Friday, Patrick Wardle of Goal-See detailed an unpatched vulnerability in Zoom. After a number of makes an attempt, Zoom launched one other patch on Saturday to attempt to kill off the exploit.

Regardless of having adopted accountable disclosure protocols, and informing Zoom in December 2021, Wardle discovered that makes an attempt to repair the exploitable bug by Zoom fell slightly brief.

Wardle found a privilege escalation assault within the Zoom utility, particularly one which takes benefit of the installer for Zoom itself. After needing a person to enter the password on the primary set up to a Mac, the auto-updater continued to function with superuser privileges.

Additional updates from Zoom would have the updater putting in it after checking it was signed by Zoom. Nonetheless, Wardle discovered the updater would work with any file that had the identical identify as Zoom’s signing certificates, creating a gap for an assault.

Frustratingly, Wardle instructed Zoom in December, however then noticed that an preliminary repair contained one other bug that stored the vulnerability exploitable. Wardle then instructed Zoom in regards to the second bug, and waited.

Weeks earlier than Def Con, Zoom issued a patch to repair the preliminary bug, however that too had an exploitable factor that allowed the exploit to work.

On August 13, Zoom launched one other patch for its macOS consumer, once more focusing on the identical vulnerability. The safety bulletin web page describes the problem as affecting Zoom Shoppers for macOS from model 5.7.3 onwards, with the patch itself bringing the app to model 5.11.5.