Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Zoom updates macOS app to patch root access exploit

Zoom has released a patch for its Mac app, fixing a vulnerability in its automatic updating function that could grant macOS root privileges to an attacker.

Revealed at the Def Con hacking conference on Friday, Patrick Wardle of Objective-See detailed an unpatched vulnerability in Zoom. After multiple attempts, Zoom released another patch on Saturday to try and kill off the exploit.

Despite having followed responsible disclosure protocols, and informing Zoom in December 2021, Wardle found that attempts to fix the exploitable bug by Zoom fell a little short.

Wardle discovered a privilege escalation attack in the Zoom application, specifically one that takes advantage of the installer for Zoom itself. After needing a user to enter the password on the first installation to a Mac, the auto-updater continued to operate with superuser privileges.

Further updates from Zoom would have the updater installing it after checking it was signed by Zoom. However, Wardle found the updater would work with any file that had the same name as Zoom's signing certificate, creating an opening for an attack.

Frustratingly, Wardle told Zoom in December, but then saw that an initial fix contained another bug that kept the vulnerability exploitable. Wardle then told Zoom about the second bug, and waited.

Weeks before Def Con, Zoom issued a patch to fix the initial bug, but that too had an exploitable element that allowed the exploit to work.

On August 13, Zoom released another patch for its macOS client, again targeting the same vulnerability. The security bulletin page describes the issue as affecting Zoom Clients for macOS from version 5.7.3 onwards, with the patch itself bringing the app to version 5.11.5.



2 Comments

❄️
chasm 10 Years · 3629 comments

I'm hardly Zoom's biggest fan, though I do use it frequently for video meetings I lead. They always seem to have a patch of some sort for the Mac client nearly every time I open the program, but the updates are generally quick and security is usually the focus of said updates. Hopefully this one will permanently fix this particular vulnerability Wardle discovered for good.

🎄
22july2013 11 Years · 3736 comments

chasm said:
Hopefully this one will permanently fix this particular vulnerability Wardle discovered for good.

Hope for the best. Expect the worst.