Zoom users with Macs can rest a little easier. Ars Technica reports Zoom has updated its Mac software to patch a vulnerability that let would-be intruders take control of systems. The video calling software’s auto-updater not only had root-level access, but also had a signature verification system you could fool just by giving your package a familiar file name. A hacker could force your app to downgrade or otherwise enable exploits.
Objective-See Foundation (OSF) creator and researcher Patrick Wardle first discovered the security hole, and disclosed it to Zoom in December of last year. Zoom fixed that problem, but introduced another bug along the way. Zoom addressed that, too, but Wardle found one more flaw. The OSF founder discussed his findings at Def Con the other day. Zoom acknowledged the problem that day, and patched it afterward.
This is not the first time Zoom has grappled with security headaches, including on the Mac. In 2019, the company raced to fix a webcam hijack exploit that relied on a locally created web server. Increased scrutiny of Zoom at the beginning of the COVID-19 pandemic in spring 2020 also prompted a full-scale review of the company’s practices. While that did result in changes, it’s clear Zoom isn’t immune to missteps.