Zoom users with Macs can breathe a sigh of relief. According to Ars Technica, the platform has updated its Mac software to address a vulnerability that allowed would-be intruders to take control of systems.
The auto-updater for the video calling software not only had root-level access, but it also had a signature verification system that you could fool by simply giving your package a familiar file name.
A hacker could force your app to downgrade or enable exploits in other ways.
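A simplified model of the weakness described above, added here as an illustration; it is not code from the article or from Zoom's updater. The names `TRUSTED`, `flawed_check` and `hardened_check`, the "Vendor Inc" marker and all sample data are assumptions constructed for the example, and a pinned-digest manifest stands in for real code-signature verification.

```python
import hashlib

# Constructed sample data: stand-ins for package contents, not real files.
GENUINE_V5 = b"vendor package 5.0 contents"
GENUINE_V4 = b"vendor package 4.0 contents (older release)"
TAMPERED = b"contents that did not come from the vendor"

# Hypothetical trusted manifest mapping content digest -> version.
# In practice it would be delivered signed; it is hard-coded here to stay offline.
TRUSTED = {
    hashlib.sha256(GENUINE_V5).hexdigest(): (5, 0),
    hashlib.sha256(GENUINE_V4).hexdigest(): (4, 0),
}


def flawed_check(filename: str, data: bytes) -> bool:
    """Model of the weakness: trust is decided by a string the submitter controls."""
    return "Vendor Inc" in filename  # the package bytes are never examined


def hardened_check(filename: str, data: bytes, installed: tuple) -> tuple:
    """Trust is decided by the bytes; the file name plays no part in the decision."""
    version = TRUSTED.get(hashlib.sha256(data).hexdigest())
    if version is None:
        return (False, "content not in trusted manifest")
    # A genuine but older package is still authentic, so authenticity alone
    # does not stop a forced downgrade; the version must not go backwards.
    if version < installed:
        return (False, "downgrade refused")
    return (True, "ok")


if __name__ == "__main__":
    cases = [
        ("Vendor Inc update.pkg", TAMPERED),
        ("Vendor Inc update.pkg", GENUINE_V4),
        ("update.pkg", GENUINE_V5),
    ]
    for name, data in cases:
        print(name, flawed_check(name, data), hardened_check(name, data, (5, 0)))
```

The second case is the one to note: an authentic older package passes any authenticity check, so a privileged updater also needs the version comparison.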
Patrick Wardle, the founder and researcher of the Objective-See Foundation (OSF), discovered the security flaw and reported it to Zoom in December of last year. Zoom fixed the problem, but in the process introduced another bug.
Zoom addressed this as well, but Wardle discovered another flaw. Last week, the OSF founder spoke about his findings at DEF CON. Zoom acknowledged the problem that day and fixed it later.
This isn’t the first time Zoom has had security issues, including on the Mac. In 2019, the company rushed to patch a webcam hijacking exploit that used a locally created web server.
Increased scrutiny of the app at the start of the COVID-19 pandemic in spring 2020 prompted a thorough examination of the company’s practices. While this did result in changes, it is clear that Zoom is not immune to mistakes.