
Mac users urged to update Zoom, after security patch released for previously-flawed security patch

Graham CLULEY

August 22, 2022


Zoom users on macOS are being told once again to update their copy of the video-conferencing software after a security hole was found that could be exploited by hackers.

At Defcon earlier this month, Mac security expert Patrick Wardle demonstrated a vulnerability in Zoom for macOS's auto-update feature that could allow an attacker to "trivially escalate their privileges to root."

Wardle found a method by which malicious hackers could trick Zoom's auto-update feature into downgrading the software to an earlier (and hence less-secure) version of Zoom, or even installing an entirely different program in its place - with root access to the entire Mac computer.

To its credit, Zoom issued a security update in response to Wardle's findings - and told Mac users to update their systems to Zoom version 5.11.5.

Wardle posted on Twitter that he was impressed with Zoom's "(incredibly) quick fix."

However, it has since turned out that Zoom's initial fix to the security vulnerability was not good enough.

Another Mac security researcher, Csaba Fitzl, looked at Zoom's patch and found it was incomplete, allowing him to bypass the fix and still exploit the vulnerability. And if a security researcher like Fitzl can find a way to exploit a weakness in Zoom's security patch, so could a malicious hacker.

This, of course, has meant that Zoom has had to release a security patch for its previous (flawed) security patch.

As you can see on Zoom's list of security bulletins, the fixes came in quick succession.

Zoom users on macOS would be wise to update their client to version 5.11.6 or later immediately. I wouldn't recommend waiting for the auto-update feature to decide to look for an update. Instead, initiate a manual update by choosing the "Check for Updates..." menu option within Zoom.

The latest version of Zoom (containing all the current security updates) is also available from Zoom's website at https://zoom.us/download
