Zoom has pushed out version 5.11.5 of its Mac app, which includes an important security fix for a relatively recent security flaw.
Security researcher and founder of the non-profit Objective-See Foundation Patrick Wardle uncovered the Zoom security flaw and presented it at last week’s Def Con hacking conference. Per The Verge, the exploit leverages the Zoom installer, which requires special user permissions to run. Wardle discovered that it was possible to ‘trick’ Zoom into installing a malicious program by adding Zoom’s cryptographic signature to the package.
Once installed, attackers can use the malicious program to gain more access to a user’s system, potentially to modify, delete, or even add files to the device.
Reversing the patch, we see the Zoom installer now invokes lchown to update the permissions of the update .pkg, thus preventing malicious subversions 🔐👍🏽 pic.twitter.com/00xjqKQsXs
— patrick wardle (@patrickwardle) August 14, 2022
In a tweet, Wardle congratulated Zoom on the quick fixing, noting that it looks like the installer now “invokes lchown to update the permissions of the update” package to prevent malicious apps from sneaking in.
As such, you’ll likely want to grab the latest Zoom update right away to make sure you are protected against the exploit. You can update Zoom by opening the app and clicking the name in the menu bar, then ‘Check for updates.’ If one’s available, you’ll need to click ‘Update’ to start the process.
Header image credit: Shutterstock