Zoom has fixed the most dangerous bug in the Apple macOS version of its online video meeting app. The bug had the potential to allow hackers to gain control of a user’s operating system whenever they opened the meeting app.
The company stated in a software update that the Zoom Client for Meetings for macOS, beginning with version 5.7.3 and before 5.11.5, “contains vulnerabilities in the automatic update process.”
According to the company’s statement, “A local low-privileged user might attack the vulnerability to elevate their privileges to root.”
Zoom has acknowledged the vulnerability (CVE-2022-28756) and has stated that it has released a fix for the bug in version 5.11.5 of the program for Mac, which customers can download immediately.
A security researcher had earlier found a vulnerability in Zoom for macOS that allowed an adversary to obtain access to the entire operating system.
As reported by The Verge, the specifics of the attack were disclosed during a presentation given by Patrick Wardle, a Mac security expert, at the Def Con hacking conference held in Las Vegas the previous week.
Zoom had previously resolved several of the flaws that were involved, but the most hazardous one persisted on macOS until it was recently fixed.
The exploit targeted the installer for the Zoom application. To install or uninstall the main Zoom application on a computer, the installer needs to run with specific user permissions.
Although the installer requires the user to provide their password when first adding the application to the system, Wardle discovered that an auto-update function then ran continuously in the background with superuser privileges.
Whenever Zoom released a new version of its software, the auto-update function would install it after verifying that the new program had been cryptographically signed by Zoom.