Zoom has been unable to fix a critical vulnerability in the macOS version for more than six months.
At the end of 2021, independent security researcher Patrick Wardle discovered a critical vulnerability in the Zoom installer for macOS, which the developers patched in August 2022, but only partially. The Verge reported on the issue. Wardle gave a presentation on it at the Def Con information security conference, which took place August 11-14 in Las Vegas.
According to the researcher, the vulnerability he discovered allows attackers to take full control of a macOS system. To exploit the bug, attackers only need initial access to the target computer, which, as a rule, is relatively easy to obtain through phishing attacks.
Wardle also noted that after discovering the vulnerability, he immediately reported the problem to the Zoom team. Along with a description of the problem, the security researcher sent instructions on how to fix it. However, the patch, which Zoom released only on the eve of Def Con, six months after the vulnerability was discovered, resolved the issue only partially. The fix eliminated only the exploitation scenario described by Wardle and did not close the vulnerability completely.
“For me, this was pretty awkward, because I not only reported the bug to Zoom but also told them how to fix this bug,” Wardle said in his keynote.
Zoom told The Verge reporters that they are aware of the problem and are working hard to fix it.
Earlier, socialbites.ca wrote that in Russia Zoom was fined 1 million rubles for refusing to localize the personal data of Russians.