A few days ago, a flaw was discovered in the installer of the Zoom communication application that could allow some users to have root access. With that attackers could gain access to the entire operating system. However, it seems that everything is finally under control, thanks to a new application update that has solved the problem. Since the pandemic, Zoom is one of the applications that has been used the most to keep in touch with family and professionals with whom we could not meet in person. That is why it is so important that it has been solved, although not very quickly.
A security researcher discovered a flaw in the Zoom app installer for macOS that could allow attackers to gain root access and control the entire operating system. This researcher, Patrick Wardle, who worked for the NSA, shared his findings in a presentation at the Defcon conference in Las Vegas last Friday. It explains that the attack works by taking advantage of the Zoom installer for macOS, which requires special user permissions in order to install or uninstall Zoom from a Mac. More specifically, Wardle discovered that the installer has an automatic update feature that continues running in the background with elevated privileges. An attacker could trick the updater into thinking a malicious file was signed by Zoom.
Before making it public at the conference, the company was already notified privately, that was in December and although it has tried to correct the problem since then, it has not been until now, that it seems that it has finally been solved. The company in charge of managing Zoom, has released a patch that fixes the auto-update feature which could grant macOS root privileges to an attacker.
