Zoom Exploit on MacOS

2022-08-17 11:11

The exploit works by targeting the installer for the Zoom application, which needs to run with special user permissions in order to install or remove the main Zoom application from a computer.

Though the installer requires a user to enter their password on first adding the application to the system, Wardle found that an auto-update function then continually ran in the background with superuser privileges.

When Zoom issued an update, the updater function would install the new package after checking that it had been cryptographically signed by Zoom.

A bug in how the checking method was implemented meant that giving the updater any file with the same name as Zoom's signing certificate would be enough to pass the test-so an attacker could substitute any kind of malware program and have it be run by the updater with elevated privilege.

Following responsible disclosure protocols, Wardle informed Zoom about the vulnerability in December of last year.

To his frustration, he says an initial fix from Zoom contained another bug that meant the vulnerability was still exploitable in a slightly more roundabout way, so he disclosed this second bug to Zoom and waited eight months before publishing the research.

News URL

https://www.schneier.com/blog/archives/2022/08/zoom-exploit-on-macos.html

#exploit #macos #zoom

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Zoom		52	4	50	57	9	120