Zoom Exploit on macOS Can Result in Root Access

by hubie (#62K10)

upstart writes in with two stories on a Zoom exploit affecting macOS users:

The Zoom installer let a researcher hack his way to root access on macOS:

A security researcher has found a way that an attacker could leverage the macOS version of Zoom to gain access over the entire operating system.

[...] The exploit works by targeting the installer for the Zoom application, which needs to run with special user permissions in order to install or remove the main Zoom application from a computer. Though the installer requires a user to enter their password on first adding the application to the system, Wardle found that an auto-update function then continually ran in the background with superuser privileges.

When Zoom issued an update, the updater function would install the new package after checking that it had been cryptographically signed by Zoom. But a bug in how the checking method was implemented meant that giving the updater any file with the same name as Zoom's signing certificate would be enough to pass the test - so an attacker could substitute any kind of malware program and have it be run by the updater with elevated privilege.

[...] "To me that was kind of problematic [Zoom not responding to his disclosure for 8 months] because not only did I report the bugs to Zoom, I also reported mistakes and how to fix the code," Wardle told The Verge in a call before the talk. "So it was really frustrating to wait, what, six, seven, eight months, knowing that all Mac versions of Zoom were sitting on users' computers vulnerable."

Read more of this story at SoylentNews.
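A simplified model of the verification flaw described in the quoted article, added here as an example; it is not Zoom's code and does not come from the original story. It assumes a checker that looks for the signer's name in a textual verification report, and contrasts that with a check pinned to the signing certificate's hash. The vendor name, certificate bytes, paths and function names are all constructed.

```python
import hashlib
from dataclasses import dataclass

# Constructed values: a stand-in vendor name and a stand-in signing certificate.
EXPECTED_SIGNER = "Example Vendor, Inc."
VENDOR_CERT = b"constructed-vendor-certificate-der"
PINNED_SHA256 = hashlib.sha256(VENDOR_CERT).hexdigest()


@dataclass
class Package:
    path: str             # chosen by whoever supplies the file
    signer_name: str      # name in the signing certificate ("" if unsigned)
    signer_cert: bytes    # signing certificate bytes (b"" if unsigned)
    signature_valid: bool # signature verifies against signer_cert


def verification_report(pkg: Package) -> str:
    """Hypothetical text report from a signature tool; note that it echoes the path."""
    status = f"signed by {pkg.signer_name}" if pkg.signature_valid else "no signature"
    return f'Package "{pkg.path}":\n   Status: {status}\n'


def weak_check(pkg: Package) -> bool:
    """Name-based test: passes if the expected name appears anywhere in the report."""
    return EXPECTED_SIGNER in verification_report(pkg)


def strict_check(pkg: Package) -> bool:
    """Trust only structured fields: a valid signature made by the pinned certificate."""
    if not pkg.signature_valid or not pkg.signer_cert:
        return False
    return hashlib.sha256(pkg.signer_cert).hexdigest() == PINNED_SHA256


def audit(packages):
    """Return (path, weak, strict) so disagreements between the two checks stand out."""
    return [(p.path, weak_check(p), strict_check(p)) for p in packages]


SAMPLES = [  # constructed inputs
    Package("/tmp/update.pkg", EXPECTED_SIGNER, VENDOR_CERT, True),          # genuine
    Package(f"/tmp/{EXPECTED_SIGNER}.pkg", "", b"", False),                  # unsigned, name only in path
    Package("/tmp/other.pkg", EXPECTED_SIGNER, b"self-issued-lookalike", True),  # same name, different cert
]

if __name__ == "__main__":
    for path, weak, strict in audit(SAMPLES):
        print(f"{path!r}: weak={weak} strict={strict}")
```

The name-based check accepts all three samples, while the pinned check accepts only the package signed by the expected certificate.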
