Zoom users on a Mac can rest a little easier. Ars Technica reports that Zoom has updated its Mac software to patch a vulnerability that could allow would-be intruders to take control of the system. The video calling software's auto-updater not only has root-level access, but also has a signature verification system that can be tricked by simply giving a package a familiar filename. Hackers could force the app to downgrade or otherwise enable exploits.
Objective-See Foundation (OSF) creator and researcher Patrick Wardle first discovered the security flaw and disclosed it to Zoom last December. Zoom fixed that, but introduced another bug in the process. Zoom fixed that problem as well, but Wardle then found another flaw. The OSF founder discussed his findings at DEF CON last week. Zoom acknowledged the issue that day and has since patched it.
This isn’t the first time Zoom has addressed security issues, including on Macs. In 2019, the company raced to fix a webcam hijacking vulnerability that relied on locally created web servers. Increased scrutiny of Zoom at the start of the COVID-19 pandemic in the spring of 2020 also prompted an overhaul of the company’s practices. While this did lead to changes, it’s clear that Zoom wasn’t immune to missteps.