Users of the macOS version of Zoom are being urged to apply a patch after a vulnerability was discovered that could allow an attacker to gain access over the entire operating system.
Specifically, the vulnerability lies in the Zoom Client for Meetings app for macOS, both standard and IT admin editions, with version 5.7.3 and before 5.11.5. The auto update process contains the bug, which allows a local low-privileged user to exploit the vulnerability to escalate their privileges to root.
The Verge reported on the exploit, the details of which were released in a presentation by Mac security specialist Patrick Wardle at the Def Con hacking conference in Las Vegas last week.
According to the report, an attacker could exploit the vulnerability by targeting the installer for the Zoom application, which needs to run with special permissions to install or remote the main Zoom application from a Mac.
The installer includes an auto-update function that runs in the background with superuser privileges, even though the installer requires a user to enter their password on first adding the app to the system.
Here’s more from The Verge’s own reporting:
When Zoom issued an update, the updater function would install the new package after checking that it had been cryptographically signed by Zoom. But a bug in how the checking method was implemented meant that giving the updater any file with the same name as Zoom’s signing certificate would be enough to pass the test — so an attacker could substitute any kind of malware program and have it be run by the updater with elevated privilege.
The result is a privilege escalation attack, which assumes an attacker has already gained initial access to the target system and then employs an exploit to gain a higher level of access. In this case, the attacker begins with a restricted user account but escalates into the most powerful user type — known as a “superuser” or “root” — allowing them to add, remove, or modify any files on the machine.
Wardle reportedly informed Zoom about the bug in December of last year, but the company’s first attempt at a fix created another vulnerability.
Zoom’s patch in version 5.11.5 fixes both issues.
Now that these exploits are public, organizations running Zoom on Mac devices should apply these patches immediately. a
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!