Zoom has released a patch for a critical security weakness in its macOS app. The flaw reportedly enables an attacker to take control of a user's operating system. Zoom announced the release in a security bulletin update on Saturday, August 13. The company said versions 5.7.3 to 5.11.3 of its macOS app contain a vulnerability in the auto-update process.
The company said a local low-privileged user can exploit it to escalate privileges to the root level. Mac security researcher Patrick Wardle first disclosed this security weakness at Def Con, one of the largest hacking conferences in the world. The conference was held last week in Las Vegas.
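A check an administrator could run over a software inventory to find Macs whose Zoom client is still inside the version range given above. This is an added example, not code from Zoom or from Wardle; treating the range as inclusive, the `host,version` input format and the sample hosts are assumptions made for illustration.

```shell
#!/bin/sh
# Range taken from the article (5.7.3 to 5.11.3); inclusive bounds are assumed.
AFFECTED_MIN=5.7.3
AFFECTED_MAX=5.11.3

# ver_cmp A B: print -1, 0 or 1, comparing dotted versions field by field
# (5.11.3 is newer than 5.7.3, which a plain string comparison gets wrong).
ver_cmp() {
    _a=$1; _b=$2
    for _i in 1 2 3; do
        _x=${_a%%.*}; _y=${_b%%.*}
        [ "${_x:-0}" -lt "${_y:-0}" ] && { printf '%s\n' -1; return 0; }
        [ "${_x:-0}" -gt "${_y:-0}" ] && { printf '%s\n' 1; return 0; }
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
    done
    printf '%s\n' 0
}

# zoom_affected "5.11.3 (9065)": 0 = inside range, 1 = outside, 2 = unparsable
zoom_affected() {
    _v=${1%% *}                       # drop a trailing build number
    case $_v in ''|*[!0-9.]*|.*|*.|*..*) return 2 ;; esac
    [ "$(ver_cmp "$_v" "$AFFECTED_MIN")" -ge 0 ] &&
        [ "$(ver_cmp "$_v" "$AFFECTED_MAX")" -le 0 ]
}

# audit_inventory: read "host,version" lines on stdin, print a verdict per host
audit_inventory() {
    while IFS=, read -r _host _ver; do
        [ -n "$_host" ] || continue
        _rc=0; zoom_affected "$_ver" || _rc=$?
        case $_rc in
            0) echo "$_host AFFECTED $_ver" ;;
            1) echo "$_host ok $_ver" ;;
            *) echo "$_host UNKNOWN $_ver" ;;   # unparsable: review by hand
        esac
    done
}

# Constructed sample inventory (hostnames and versions are made up).
sample_inventory() {
    printf '%s\n' 'mac-01,5.11.3 (9065)' 'mac-02,5.7.1' 'mac-03,5.9.0' \
        'mac-04,5.12.0' 'mac-05,not installed'
}

sample_inventory | audit_inventory
```

Hosts reported as UNKNOWN have a version string the check could not parse and need to be looked at manually rather than assumed safe.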
Hackers Can Access, Delete & Modify Files
It is noteworthy that Zoom released the patch just after Wardle described the security flaw to the conference audience. Wardle explained how simple it is to access a user's system using the security weakness. Hackers can gain permissions including deletion, modification, and addition of files on a device. He also explained the security flaw on Twitter.
Wardle is a former hacker of the US National Security Agency. He is the founder of the Objective-See Foundation (a non-profit organization) that develops open-source security tools for macOS. Wardle tweeted on August 14 after Zoom released the update. He tweeted, "Mahalos to Zoom for the amazing rapid fix."
Password Gateway Flaw in MacOS High Sierra
We found the Zoom installer is now reversing the patch and invoking its own to update the permissions. It is updating the update.pkg and preventing malicious involvement. In 2017, Wardle announced a password gateway vulnerability in macOS High Sierra around the time of its release. He indicated that a hacker can easily steal every password in plain text.
For this purpose, a hacker uses an app downloaded from the internet, without requiring the master login for the Mac Keychain. Zoom reportedly categorized this latest exposure as ‘High’ in severity. The company also directed users to download the latest version of the macOS app.
Download the Latest Version of Zoom Software
You can keep yourself secure by applying current updates. Users can visit the official website of the company and download the latest Zoom software with essential security updates. Keep in mind that Zoom runs in most web browsers without downloading or installing the software.
So casual or occasional users of Zoom don’t need to install the Zoom client. They just need to follow the conference link received from the conference organizer. Users should wait until a “Join in browser” link appears in their browser. If Zoom automatically starts downloading a software installer, avoid clicking on the installer.
Zoom Client Can Get Automatic Updates
Most of us know that updates are a necessary part of software, delivering new features. Zoom releases client updates from time to time after discovering a software bug or vulnerability, to resolve the issue. Many people miss updates when they are busy or forget to update their applications.
However, you can simplify the update process and get new updates automatically in the Zoom client. Go to ‘Settings’ in the General tab. Select the checkbox ‘Automatically Keep my Zoom up to date’ and select the automatic updates option. It will ask for admin credentials to allow automatic updates to run. Keep in mind that the ‘Slow’ option for automatic updates is selected by default, and you can change it to the ‘Fast’ option.