Zoom patches Mac auto-updater vulnerability that granted root access - Ars Technica

Aug 15, 2022 58 secs

The video conferencing software's latest update fixes an auto-update vulnerability that could have allowed malicious programs to use its elevated installing powers, granting escalated privileges and control of the system.

The problem is that by simply passing the verification checker the name of the package it was looking for ("Zoom Video ... Certification Authority Apple Root CA.pkg"), this check could be bypassed.

That meant malicious actors could force Zoom to downgrade to a buggier, less-secure version or even pass it an entirely different package that could give them root access to the system.
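The name-based bypass and the downgrade risk described above, as an added illustration that is not Zoom's code or part of the original article: a check that searches a text report for the expected signer passes for an unsigned file that merely carries that string in its name, while a check on the signer field plus a version comparison does not. The signer name, the report format (assumed to echo the file name), the versions and all function names are constructed for this sketch.

```python
from dataclasses import dataclass, field

EXPECTED_SIGNER = "Example Corp Developer ID"  # constructed signer name

@dataclass
class SignatureResult:
    """Constructed stand-in for what a package signature tool reports."""
    path: str                                    # file name, chosen by the caller
    signers: list = field(default_factory=list)  # chain subjects, leaf first
    version: tuple = (0, 0, 0)                   # version declared by the package

    def as_text(self):
        # Assumption: the text report echoes the file name before the chain.
        head = f'Package "{self.path}":'
        if not self.signers:
            return head + "\n   Status: no signature"
        chain = "\n".join(f"    {i}. {s}" for i, s in enumerate(self.signers, 1))
        return f"{head}\n   Certificate Chain:\n{chain}"

def naive_check(result):
    # Flawed: the searched text includes the caller-chosen file name.
    return EXPECTED_SIGNER in result.as_text()

def strict_check(result):
    # Compare only the leaf signer field; the file name is never consulted.
    return bool(result.signers) and result.signers[0] == EXPECTED_SIGNER

def accept_update(result, installed_version):
    # The signer must match AND the package must be newer than the installed
    # build, so a correctly signed older build cannot serve as a downgrade.
    return strict_check(result) and result.version > installed_version

# Constructed sample inputs.
CHAIN = [EXPECTED_SIGNER, "Example Root CA"]
GENUINE = SignatureResult("update.pkg", CHAIN, (2, 1, 0))
RENAMED = SignatureResult(f"{EXPECTED_SIGNER}.pkg", [], (9, 9, 9))  # unsigned
OLD_SIGNED = SignatureResult("old.pkg", CHAIN, (1, 0, 0))

if __name__ == "__main__":
    installed = (2, 0, 0)
    for label, r in [("genuine", GENUINE), ("renamed", RENAMED), ("old", OLD_SIGNED)]:
        print(label, naive_check(r), strict_check(r), accept_update(r, installed))
```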

Wardle disclosed his findings to Zoom before his talk, and some aspects of the vulnerability were addressed, but key root access was still available as of Wardle's talk on Saturday.

Zoom issued a security bulletin later that same day, and a patch for version Zoom 5.11.5 (9788) followed soon after.

Prior to that, Zoom was caught running an entire undocumented web server on Macs, causing Apple to issue its own silent update to kill the server.

Ars' Dan Goodin noted that his Zoom client didn't actually update when the fix for that issue arrived, requiring a manual download of an intermediate version first.
