macOS installer for Zoom could let hackers hack into your device

Zoom has fixed a serious security flaw that could have allowed hackers to take control of a macOS device running the video conferencing software.

The move came after Mac security expert Patrick Wardle demonstrated how a malicious actor could abuse the way macOS handles software patches to trigger privilege escalation and take control of the device.

Initially, he said that the attack exploited several flaws and that the company had patched most of them. One remained, however, and it was fixed at a later date, fully resolving the problem.

Tricking the updater

The problem lies in the way macOS handles updates. When a user first installs an application or program on the endpoint, the installer must run with special user permissions, often granted by entering a password. After that, automatic updates run indefinitely with root privileges.

In the case of Zoom, the updater would first check whether the company had cryptographically signed the new package and, if so, proceed with the update. However, if the updater was given a file with the same name as Zoom's signing certificate, it would execute it. In other words, an attacker could slip any malware through the updater, including malware that gives a third party full access to the device.

The flaw was later identified as CVE-2022-28756 and fixed in version 5.11.5 of Zoom for macOS, which is now available for download.

Although Wardle initially described the glitch as relatively easy to fix, even he was surprised at how quickly Zoom addressed the issue: "Mahalos to Zoom for the (incredibly) quick fix!" Wardle tweeted afterwards. "By reverting the fix, we see that the Zoom installer now invokes lchown to update the .pkg update permissions, preventing malicious subversion."
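The fix Wardle describes changes who owns the update package. The following is an added example, not Zoom's code: it audits a staged package for the ownership and permission conditions that would let an unprivileged user modify or replace it before a root updater installs it, and then locks the file down. The function names and the `trusted_uid` parameter are assumptions made for illustration, and `lock_down` uses file-descriptor calls rather than `lchown`.

```python
import os
import stat

def staged_package_findings(path, trusted_uid=0):
    """List reasons an unprivileged user could alter or replace `path`.

    trusted_uid is the account the updater runs as (0 = root); it is a
    parameter (an assumption of this example) so the check runs without root.
    """
    findings = []
    st = os.lstat(path)  # lstat, like lchown, inspects the link itself
    if stat.S_ISLNK(st.st_mode):
        # A symlink can be repointed after any signature check has passed.
        return ["package path is a symlink"]
    if not stat.S_ISREG(st.st_mode):
        findings.append("package is not a regular file")
    if st.st_uid != trusted_uid:
        findings.append(f"package owned by uid {st.st_uid}, not {trusted_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("package is group- or world-writable")

    # Anyone who can write to the directory can rename another file into
    # place, unless the sticky bit limits renames to file/directory owners.
    parent = os.lstat(os.path.dirname(os.path.abspath(path)))
    if parent.st_uid != trusted_uid:
        findings.append(f"directory owned by uid {parent.st_uid}, not {trusted_uid}")
    loose = parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    if loose and not parent.st_mode & stat.S_ISVTX:
        findings.append("directory is group- or world-writable without sticky bit")
    return findings

def lock_down(path, uid=0, gid=0):
    """Hand the package to the updater's account and drop others' write bits.

    Operates on an open descriptor (O_NOFOLLOW refuses a symlink), so the
    ownership change applies to the file that was opened, not to whatever
    the path names a moment later.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        os.fchown(fd, uid, gid)
        os.fchmod(fd, 0o644)
    finally:
        os.close(fd)
```

An updater would run the audit with the default `trusted_uid=0` immediately before handing the package to the installer and refuse to continue on any finding.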

Via: The Verge