Zoom Fixes Bug That Harms Mac Users’ Security

Mac users can now download the newest Zoom update, version 5.11.5. The update includes a fix for the bug that affects users' security, which Mac security researcher Patrick Wardle presented last Friday, August 12, as first reported by The Verge.

Spectators including Arsenal's Gabonese forward Pierre-Emerick Aubameyang (up) attend by videoconference the live streaming show of French humorists Othman and Kalvin at the Apollo Theatre in Paris on May 14, 2020. (Photo by FRANCK FIFE / AFP via Getty Images)

Wardle expressed his gratitude to the company via Twitter for doing an 'incredibly quick fix'. The Zoom installer now invokes lchown to update the permissions of the update .pkg, which prevents an attacker from subverting it.
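A defender-side check in the spirit of the fix described above: before a privileged process consumes an update package, confirm the file is not a symlink, is owned by the trusted account, and is not writable by group or others. This is an added example, not Zoom's code; the function names, the file name `update.pkg` and the sample files are assumptions, and the current user stands in for root so it runs unprivileged.

```python
import os
import stat
import tempfile

def audit_update_package(path, trusted_uid=0):
    """Return a list of findings; an empty list means the file passed."""
    findings = []
    st = os.lstat(path)  # lstat inspects the link itself, never its target
    if stat.S_ISLNK(st.st_mode):
        return ["symlink"]  # a link's owner and mode say nothing about its target
    if not stat.S_ISREG(st.st_mode):
        findings.append("not-regular-file")
    if st.st_uid != trusted_uid:
        findings.append("owner-not-trusted")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group-or-world-writable")
    return findings

def harden_update_package(path, trusted_uid, trusted_gid):
    """Take ownership without following symlinks, then drop group/other write."""
    os.lchown(path, trusted_uid, trusted_gid)
    # chmod follows symlinks, so only apply it to a real file
    if not stat.S_ISLNK(os.lstat(path).st_mode):
        os.chmod(path, 0o644)

def demo():
    """Constructed sample files in a temp dir; current user stands in for root."""
    me, grp = os.getuid(), os.getgid()
    results = {}
    with tempfile.TemporaryDirectory() as d:
        pkg = os.path.join(d, "update.pkg")  # hypothetical file name
        with open(pkg, "wb") as f:
            f.write(b"constructed sample, not a real package")
        os.chmod(pkg, 0o666)  # simulate a package left writable by anyone
        results["loose"] = audit_update_package(pkg, trusted_uid=me)
        harden_update_package(pkg, me, grp)
        results["hardened"] = audit_update_package(pkg, trusted_uid=me)
        results["wrong_owner"] = audit_update_package(pkg, trusted_uid=me + 1)
        link = os.path.join(d, "link.pkg")
        os.symlink(pkg, link)
        results["symlink"] = audit_update_package(link, trusted_uid=me)
    return results

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "ok")
```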

To install the 5.11.5 update, click zoom.us in the menu bar at the top of the screen, click Check for Updates, and select Update to begin. Zoom will display the details of the update in the application itself.

Wardle presented the bug at the DefCon security conference in Las Vegas, where he detailed the issue point by point. Zoom acknowledged the issue by including it in its Security Bulletin the day after Wardle's conference presentation, and immediately resolved the bug by releasing a new update.

The Bug's Risk to its Users

In his presentation, Wardle indicated that when users enter their password, the auto-update function runs continuously in the background and has full access to what they are typing. Through this, an attacker who already has initial access to the target gains the power to carry out malicious subversion.

The security researcher had also presented the bugs and the ways to fix the issue before his presentation last Friday, yet Zoom delayed for a few months and only took action after the conference.

Zoom also issued a patch before Wardle's presentation, yet his analysis identified a bug in it as well, one that also allowed exploitation by attackers.

On the same day as the presentation, Zoom's Security and Privacy Lead released a statement via The Verge saying that the company is fully aware of the vulnerabilities in the auto-update feature for macOS, and that it has been working on the statement issued on its Security Bulletin.

Zoom was Down

Last June, users vented their frustrations online as they could not conduct or join online meetings. Zoom received 13,884 reports as early as 9:40 AM EST. This coincided with the start of the work day in the US and the end of it in the UK, hence the number of outraged people.

The issue was resolved 8 hours later, at 5:13 PM to be exact, and the problem was confirmed to be rooted in an "intermittent login issue to the core Zoominfor platform and API services."

This article is owned by TechTimes


Written by Inno Flores

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.