pkg, thus preventing malicious subversions □□□ pic.twitter. Reversing the patch, we see the Zoom installer now invokes lchown to update the permissions of the update. Zoom is a free program for Mac that belongs to the category Chat-instant-messaging, and has been developed by Zoom Video Communications Inc. Once installed, attackers can use the malicious program to gain more access to a user’s system, potentially to modify, delete, or even add files to the device.Īs spotted by MacRumors, Zoom addressed the issue in its August 13th security bulletin, noting that version 5.11.5 of Zoom for Mac fixes the flaw and is now available. Wardle discovered that it was possible to ‘trick’ Zoom into installing a malicious program by adding Zoom’s cryptographic signature to the package. Per The Verge, the exploit leverages the Zoom installer, which requires special user permissions to run. Security researcher and founder of the non-profit Objective-See Foundation Patrick Wardle uncovered the Zoom security flaw and presented it at last week’s Def Con hacking conference. Follow to on-screen prompts to install Zoom Client. Double click on Zoom.pkg to launch the installer. Head to the Zoom Download Center and click the blue Download button underneath Zoom Client For Meetings. Zoom has pushed out version 5.11.5 of its Mac app, which includes an important security fix for a relatively recent security flaw. Instead, you’ll have to download Zoom Client.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |