Mac users can now download the newest update of Zoom Version 5.11.5. The update includes the bug that affects the users' security and was presented by Mac Security Researcher Patrick Wardle last Friday, August 12, as reported first by The Verge.
Wardle expressed his gratitude to the company via Twitter for doing an 'incredibly quick fix'. The subversion of the attacker could now be prevented through the Zoom installer that now cites Ichown and updates the permissions in the .pkg update.
The first step of installing the 5.11.5 update is clicking zoom.us from the menu bar at the top of the screen, clicking the Check for updates, and selecting Update to begin. Zoom will display the details about the update on the application itself.
The bug was presented at the Las Vegas DefCon Security Conference, where he detailed the issue one by one. Zoom acknowledges this issue by including it on their Security Bulletin the day after the conference of Wardle, and immediately resolving the bug by having a new update.
The Bug's Risk to its Users
In Wardle's presentation, he indicated that when users enter their password, the auto-update function is continuously running in the background and has whole access to what they are typing. Through this, the attacker now has the power to do malicious subversion as they already have the initial access to the target.
The security researcher also presented the bugs and the ways to fix the issue before he presented last Friday, yet Zoom delayed it for a few months and only took action after the conference.
Zoom also issued a patch before the presentation of Wardle, yet through his analysis, a bug was also identified, and it also allows the exploitation of the attackers.
The same day as the presentation, Zoom's Security and Privacy Lead released a statement via The Verge and stated that the company is fully aware of the vulnerabilities to the auto-update feature for macOS, and they have been working on the issued statement on their Security Bulletin.
Zoom was Down
Last June, users vented their frustrations online as they did not have access to conduct and enter online meetings. Zoom received 13, 884 reports as early as 9:40 AM EST. This was also the same day of the start of the work day in US and UK's culmination hence the number of outraged people.
The issue was resolved 8 hours after, 5:13 PM to be exact, and confirms the problem as it rooted in an "intermittent login issue to the core Zoominfor platform and API services."
Related Article : Video Conferencing Application Zoom is Down with Select 'Subset of Users' Experiencing Limited Performance
This article is owned by TechTimes
Written by Inno Flores