Zoom installer flaw may give attackers root access to Mac: report


Posted: 3:30 PM, Sat, Aug 13, 22

San Francisco: A security researcher has found a way for an attacker to leverage the macOS version of Zoom to gain access to the entire operating system.

According to The Verge, details of the exploit were published in a presentation by Mac security specialist Patrick Wardle at the Def Con hacking conference in Las Vegas this week.

Zoom has already patched some of the bugs involved, but the researcher also exposed an unpatched vulnerability that still affects systems today.

The exploit works by targeting the Zoom app installer, which must run with special user permissions to install or remove the main Zoom app from a computer.

Although the installer requires a user to enter their password when initially adding the application to the system, Wardle discovered that an automatic update feature then ran continuously in the background with superuser privileges.

When Zoom released an update, the update function installed the new package after verifying that it had been cryptographically signed by Zoom.

But a bug in the implementation of the verification method meant that giving the updater any file with the same name as Zoom’s signing certificate would be enough to pass the test, so an attacker could substitute any malware and have it run by the updater with elevated privileges, according to the report.
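The class of flaw described above, as an added example that is not Zoom's code or part of the original report: a check that trusts a file's name is shown beside one that verifies a signature over the file's contents against a pinned public key. The signer name, file names and payloads are constructed, and a Lamport one-time signature stands in for real code signing so the example runs with the Python standard library only.

```python
import hashlib
import os
from dataclasses import dataclass

SIGNER_NAME = "Example Vendor Signing Certificate"  # constructed placeholder name

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _bits(msg: bytes):
    d = _h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

# Lamport one-time signature: stdlib-only stand-in for real code signing.
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk

def sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    ok = sig is not None and len(sig) == 256
    return ok and all(_h(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))

@dataclass
class Package:
    filename: str
    payload: bytes
    signature: "list | None" = None

def name_only_check(pkg: Package) -> bool:
    # Flawed: trusts a label the submitter controls and never inspects the bytes.
    return pkg.filename == SIGNER_NAME

def signature_check(pkg: Package, pinned_pk) -> bool:
    # Hardened: the name is ignored; only a valid signature over the payload counts.
    return verify(pinned_pk, pkg.payload, pkg.signature)

def demo():
    sk, pk = keygen()
    body = b"constructed update payload"
    genuine = Package("update.pkg", body, sign(sk, body))
    impostor = Package(SIGNER_NAME, b"constructed unsigned payload")
    tampered = Package("update.pkg", body + b"!", genuine.signature)
    return {"impostor_name_only": name_only_check(impostor),
            "impostor_signature": signature_check(impostor, pk),
            "genuine_signature": signature_check(genuine, pk),
            "tampered_signature": signature_check(tampered, pk)}
```

Calling `demo()` shows the name-only check accepting the unsigned file, while the signature check accepts only the genuine package and rejects both the unsigned and the modified one.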

The result is a privilege escalation attack, which assumes an attacker has already gained initial access to the target system, then employs an exploit to gain a higher level of access.

In this case, the attacker starts with a restricted user account but moves to the most powerful type of user – known as “superuser” or “root” – allowing them to add, remove or modify any file on the machine.

