Zoom has issued a patch for a bug on MacOS that could allow a hacker to take control of a user’s operating system. In an update on its security bulletin, zoom acknowledges the issue.
Patrick wardle, a security researcher and founder of the objective-see foundation, first uncovered the flaw and presented it at the Def con hacking conference last week. His colleague, corin faife, attended the event and reported on wardle’s findings.
Hackers could’trick’ zoom into installing a malicious program by putting zoom’s cryptographic signature on the package. From here, attackers can gain further access to a user’s system, letting them modify, delete, or add files on the device.
Zoom Fixer now invokes lchown to update the permissions of the update Pkg, thus preventing malicious subversions, pic.twitter.com/00xjqkqsxsxs.
Reversing the patch, we see the zoom installer now invokes lchown to update the permissions of the update.pkg, thus preventing malicious subversion.