A Zoom Vulnerability

[New_Style_xd]

Lessons to remember from DEF CON 30: Vulnerability in Zoom for macOS.

In March 2020, when the entire world was just starting to deal with remote work, a vulnerability was discovered in the installation package for Zoom — one of the world's top remote communication tools — allowing arbitrary code execution on Apple computers. . Zoom fixed the vulnerability… sort of.

Moving forward in time, now in August 2022, a similar loophole was found (in terms of location and exploration consequences).

What is the latest vulnerability?

The new issue in the Zoom video conferencing app was highlighted by renowned researcher Patrick Wardle at DEF CON 30 in early August this year. In short, some bugs were found in Zoom's auto-update system for Apple users. These bugs, in theory, made it possible to obtain so-called superuser rights, which allow a would-be attacker to do whatever he wants on a victim's computer.

To exploit the vulnerability, however, the malicious person needed to have physical access to the computer, albeit without special rights. But this is not a totally unrealistic scenario: for example, the user can go to lunch and forget to lock the computer. Theoretically, the vulnerability could also be exploited by malware, which would otherwise not cause serious harm to the user.

 

[SeedTheNet]

I actually hate ZOOM and hate ZOOM Meetings