
Zoom Exploit on MacOS

This vulnerability was reported to Zoom last December. The exploit works by targeting the Zoom application installer, which must be run with special user permissions to install or uninstall the main Zoom application on the computer. Although the installer required the user to enter their password when first adding the application to the system, Wardle found that the automatic update feature then ran continuously in the background with superuser rights.

When Zoom releases an update, the update feature installs the new package after verifying that it has been cryptographically signed by Zoom. However, because of an error in how the validation method was implemented, giving the update program any file with the same name as Zoom's signing certificate was enough for the test to pass, so an attacker could substitute any malicious software and have the update program run it with elevated privileges. It seems that the issue is not completely resolved: following responsible disclosure protocols, Wardle reported the vulnerability to Zoom last December.
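
The class of flaw described above, as an added illustration that is not Zoom's code or part of the original post: a check that passes when the expected signer name appears anywhere in a report that also echoes the untrusted file name, beside a check that compares only the verified signer field. The signer name, the `VerifyResult` type and the report format are constructed assumptions, and no real cryptography is performed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed signer identity; not a real certificate name.
EXPECTED_SIGNER = "Example Corp Developer ID"


@dataclass(frozen=True)
class VerifyResult:
    """Stand-in for a signature verifier's result (no real crypto here)."""
    file_name: str           # chosen by whoever supplied the package
    signer: Optional[str]    # identity the verifier established; None = unsigned

    def render(self) -> str:
        # Human-readable report; note that it echoes the file name.
        status = f"signed by {self.signer}" if self.signer else "no signature"
        return f"{self.file_name}: {status}"


def flawed_check(result: VerifyResult) -> bool:
    # Flaw: substring search over text that includes the untrusted file name.
    return EXPECTED_SIGNER in result.render()


def strict_check(result: VerifyResult) -> bool:
    # Compare only the identity field the verifier itself established.
    return result.signer == EXPECTED_SIGNER


# Constructed sample packages.
GENUINE = VerifyResult("update.pkg", EXPECTED_SIGNER)
SPOOFED_NAME = VerifyResult(f"{EXPECTED_SIGNER}.pkg", None)
OTHER_SIGNER = VerifyResult("update.pkg", "Someone Else Developer ID")


def audit():
    """Return (file name, flawed verdict, strict verdict) for each sample."""
    return [(r.file_name, flawed_check(r), strict_check(r))
            for r in (GENUINE, SPOOFED_NAME, OTHER_SIGNER)]


if __name__ == "__main__":
    for name, flawed, strict in audit():
        print(f"{name!r}: flawed={flawed} strict={strict}")
```

The unsigned file named after the signer passes `flawed_check` and fails `strict_check`, which is the gap a privileged updater has to close before executing anything.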
