San Francisco: A security researcher has found a way that an attacker could leverage the macOS version of Zoom to gain access over the entire operating system.
According to The Verge, details of the exploit were released in a presentation by Mac security specialist Patrick Wardle at the Def Con hacking conference in Las Vegas this week.
Zoom has already fixed some of the bugs involved, but the researcher also presented one unpatched vulnerability that still affects systems now.
The exploit works by targeting the installer for the Zoom application, which needs to run with special user permissions to install or remove the main Zoom application from a computer.
Though the installer requires a user to enter their password on first adding the application to the system, Wardle found that an auto-update function then continually ran in the background with superuser privileges.
Also Read Samsung Galaxy Watch5 Series to start at Rs 27,999 When Zoom issued an update, the updater function would install the new package after checking that it had been cryptographically signed by Zoom.
Related stories
Subscribe
- Never miss a story with notifications
- Gain full access to our premium content
- Browse free from up to 5 devices at once
Latest stories