Zoom: Mac version with important security update

Important information for users of the video conferencing solution Zoom who have installed it on a Mac. Versions between 5.7.3 and 5.11.5 are affected by a critical vulnerability (CVE-2022-28756), which sits in the auto-updater and allows an attacker to gain root privileges on the system. The current update to version 5.11.5 fixes this gap. So it doesn’t hurt to start the update.

New Security Bulletin from @Zoom just dropped?

“a vulnerability in the package signature validation

…a local user could escalate their privileges to root”

Talking about this bug (+more) tomorrow at @DefCon

“You’re M̶u̶t̶e̶d̶ Rooted”

Fri, 8/11

1:02 pm

Track 4 pic.twitter.com/Gr4TnsUmeo

— patrick wardle (@patrickwardle) August 12, 2022

The exploit was discovered by security researcher Patrick Wardle, who demonstrated the process at the Def Con hacking conference in Las Vegas. Normally, installing certain software on the Mac requires confirmation with a user name and password. Wardle found that, after the initial installation, the auto-update function runs in the background with superuser rights. It is precisely this function that regularly checks whether Zoom is making a new signed version available. But a bug in the check theoretically allows an attacker to submit any file to the updater for installation, which results in a so-called privilege escalation.
