Zoom has patched a bug in macOS that could allow a hacker to take control of a user’s operating system (through MacRumors). In an update to the security bulletinZoom acknowledges the issue (CVE-2022-28756) and says a fix is included in version 5.11.5 of the app on Mac, which you can (and should) download now.
Patrick Wardle, a security researcher and founder of the Objective-See Foundation, a nonprofit that makes open-source macOS security tools, discovered the flaw and presented it at the Def Con hacking conference last week. My colleague, Corin Faife, attended the event and reported on Wardle’s findings.
As Corin explains, the exploit targets the Zoom installer, which requires special user permissions to run. By using this tool, Wardle discovered that hackers could essentially “trick” Zoom into installing a malicious program by placing Zoom’s cryptographic signature on the package. From here, attackers can then gain further access to a user’s system, allowing them to modify, delete, or add files on the device.
If we uninstall the patch, we see that the Zoom installer now calls lchown to update the permissions of the update .pkg, preventing malicious subversions pic.twitter.com/00xjqKQsXs
— patrick wardle (@patrickwardle) August 14, 2022
“Mahalos to Zoom for the (incredibly) quick fix!” Wardle said in response: to the Zoom update. “If we roll back the patch, we see that the Zoom installer now calls lchown to update the .pkg update permissions, preventing malicious subversion.”
You can install the 5.11.5 update on Zoom by first opening the app on your Mac and clicking . to push zoom.us (this may vary depending on the country you are in) in the menu bar at the top of your screen. Then select Check for updates, and if one is available, Zoom will display a window with the latest app version, along with details of what’s changing. Select from here Update to start the download.
