Zoom on macOS gets update to fix high-risk security flaw

Zoom has released a new patch to fix a vulnerability in the macOS application that allows hackers to take over the user’s operating system. In its security bulletin, Zoom acknowledged the issue, tracked as CVE-2022-28756, and stated that a fix is included in the latest version, 5.11.5, which users should download and install.

Patrick Wardle, co-founder and security expert at the Objective-See Foundation, first discovered the vulnerability and demonstrated it publicly at the Def Con hacking conference last week. The vulnerability exists in Zoom’s macOS installation package and requires special user rights to execute.

By targeting this installer, Wardle abused the cryptographic signature of the Zoom installation package to install malicious programs. An attacker can then take over the user’s system, allowing files to be modified, deleted, and added.

Referring to Zoom’s update, Wardle said: “Thanks to Zoom for fixing this so quickly. Reversing the patch, the Zoom installer now calls lchown to update the permissions of the update .pkg, preventing malicious use.”
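One way a defender could check the property Wardle describes, that a staged update package cannot be rewritten or swapped by an unprivileged user, is sketched below. This is an added example, not Zoom's code or part of the original article; the function name `audit_staged_pkg`, the `trusted_uid` parameter and the sample file are assumptions.

```python
import os
import stat
import tempfile


def audit_staged_pkg(path, trusted_uid=0):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    st = os.lstat(path)  # lstat, like lchown, does not follow symlinks
    if stat.S_ISLNK(st.st_mode):
        return ["path is a symlink"]
    if not stat.S_ISREG(st.st_mode):
        return ["path is not a regular file"]
    if st.st_uid != trusted_uid:
        findings.append(f"file owned by uid {st.st_uid}, expected {trusted_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("file is group- or world-writable")
    # Even a correctly owned file can be replaced by a rename if the
    # directory that holds it is writable by someone else.
    parent = os.lstat(os.path.dirname(os.path.abspath(path)))
    if parent.st_uid != trusted_uid:
        findings.append(f"directory owned by uid {parent.st_uid}, expected {trusted_uid}")
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("directory is group- or world-writable")
    return findings


if __name__ == "__main__":
    # Constructed sample: a placeholder file in a private temp directory,
    # audited against the current user instead of root so it runs unprivileged.
    workdir = tempfile.mkdtemp()
    pkg = os.path.join(workdir, "update.pkg")
    with open(pkg, "wb") as handle:
        handle.write(b"constructed sample, not a real package")
    os.chmod(pkg, 0o666)  # deliberately too permissive
    for finding in audit_staged_pkg(pkg, trusted_uid=os.getuid()):
        print("FINDING:", finding)
```

On a real system the check would run with the default `trusted_uid=0`, immediately before a privileged process opens the package.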

To install the 5.11.5 update, open the Zoom app on your Mac and click zoom.us in the menu bar at the top of the screen (this may vary depending on your country). Then select Check for Updates; if an update is available, Zoom will display a window with the latest version of the app, along with details about what’s changed. From here, select Updates to start downloading.
