Zoom rolls out fix for Mac app security flaw

Download or update to version 5.11.5 to make sure you're protected against the vulnerability

Zoom has pushed out version 5.11.5 of its Mac app, which includes an important security fix for a relatively recent security flaw.

Security researcher and founder of the non-profit Objective-See Foundation Patrick Wardle uncovered the Zoom security flaw and presented it at last week’s Def Con hacking conference. Per The Verge, the exploit leverages the Zoom installer, which requires special user permissions to run. Wardle discovered that it was possible to ‘trick’ Zoom into installing a malicious program by adding Zoom’s cryptographic signature to the package.

Once installed, attackers can use the malicious program to gain more access to a user’s system, potentially to modify, delete, or even add files to the device.

As spotted by MacRumors, Zoom addressed the issue in its August 13th security bulletin, noting that version 5.11.5 of Zoom for Mac fixes the flaw and is now available.

In a tweet, Wardle congratulated Zoom on the quick fix, noting that it looks like the installer now “invokes lchown to update the permissions of the update” package to prevent malicious apps from sneaking in.
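To show what an ownership change like the one Wardle describes buys a privileged installer, here is an added example (not Zoom's code and not from the original article). It assumes the goal is that no unprivileged user can modify the package once the installer takes it over; all function and enum names are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Result codes; names are hypothetical, chosen for this example. */
enum pkg_state { PKG_OK, PKG_SYSCALL_FAILED, PKG_NOT_REGULAR,
                 PKG_WRONG_OWNER, PKG_WRITABLE_BY_OTHERS };

/* Inspect the path itself (lstat does not follow symlinks) and decide
 * whether its contents can still be changed by someone other than the owner. */
enum pkg_state check_pkg(const char *path, uid_t trusted_uid)
{
    struct stat st;
    if (lstat(path, &st) != 0)            return PKG_SYSCALL_FAILED;
    if (!S_ISREG(st.st_mode))             return PKG_NOT_REGULAR;
    if (st.st_uid != trusted_uid)         return PKG_WRONG_OWNER;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return PKG_WRITABLE_BY_OTHERS;
    return PKG_OK;
}

/* Take ownership with lchown, then re-check before any signature check.
 * The directory holding the package needs the same care, or the file
 * can simply be replaced. */
enum pkg_state lock_down_pkg(const char *path, uid_t uid, gid_t gid)
{
    if (lchown(path, uid, gid) != 0) return PKG_SYSCALL_FAILED;
    return check_pkg(path, uid);
}

/* Create a constructed sample "package" with the given mode; 0 on success. */
int make_sample_pkg(char *tmpl, mode_t mode)
{
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    int rc = fchmod(fd, mode);
    close(fd);
    return rc;
}

int main(void)
{
    char path[] = "/tmp/sample_pkg_XXXXXX";
    if (make_sample_pkg(path, 0666) != 0) return 1;
    /* A real helper would pass uid 0 (root); the demo uses the current user. */
    printf("world-writable: %d\n", lock_down_pkg(path, getuid(), getgid()));
    chmod(path, 0644);
    printf("locked down:    %d\n", lock_down_pkg(path, getuid(), getgid()));
    unlink(path);
    return 0;
}
```

The first call reports `PKG_WRITABLE_BY_OTHERS` (4) because changing the owner alone does not remove write bits; the second reports `PKG_OK` (0).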

As such, you’ll likely want to grab the latest Zoom update right away to make sure you are protected against the exploit. You can update Zoom by opening the app and clicking the name in the menu bar, then ‘Check for updates.’ If one’s available, you’ll need to click ‘Update’ to start the process.


Source: Zoom Via: MacRumors, The Verge