February 11, 2025
Trending News

Zoom security vulnerability could make it easier for attackers to work with macOS

  • August 16, 2022
  • 0

Application zoom it is a software that has become very popular in times of social isolation. It was a great ally for people and companies that needed to

Zoom security vulnerability could make it easier for attackers to work with macOS

Application zoom it is a software that has become very popular in times of social isolation. It was a great ally for people and companies that needed to use home Office, during the period when face-to-face classes were not yet allowed; however, this popularization brings some negative consequences. It was passed on Patrick Wardle, founder of the Objective-See Foundation and ecosystem security expert at Apple, Poppythat the automatic update system could create serious vulnerabilities for users macOS.

03/24/2022 at 11:15
News

Zoom adds a feature that allows you to broadcast meetings on Twitch

The function was available before, but now the process has become even easier

The first occurs in the application signature verification procedure, which verifies the integrity of the update package being installed and verifies it to make sure it is a more up-to-date version of Zoom. Although, Wardle discovered that hackers can fool this verification system by naming their malware after a specific pattern, with the same name as the signature of the original signing certificate.

Having achieved this goal, they will be able to access the victim’s computer, which means they will be able to delete, modify or create various files. It was reported that the specialist shared this failure with the company’s managers in December 2021, but what was supposed to be a fix pack brought another big problem. This time, there is a loophole through which attackers can bypass the software security systems responsible for verifying that the latest version of the application is being used.

So the founder of the Objective-See Foundation found yet another way to trick this tool into bypassing the checking system and accepting an older, less secure version as the latest. The information has been shared with the Zoom team. which created another fix.

Zoom Fatigue: Learn the Symptoms of Spending Too Much Time Online Meetings

Zoom Fatigue: Learn the Symptoms of Spending Too Much Time Online Meetings
Has the pandemic turned your routine upside down? Pay attention to the signs to monitor your health

End of trouble? Not yet

Another bug was discovered recently. O the current patch still has a security flaw which can be used by hackers. When a package is installed, it is now moved to the user’s root folder, which is a way to protect against potential malware.

However, permissions writing and reading are saved, which can be modified by a regular user. This possibility opens another door for a person with bad intentions, as he will be able to change the file and turn it into something malicious.

Wardle drew the attention of the international media to the fact that he reports not only on gaps, but also on their solutions. According to those responsible for Zoom, attackers will only be able to take advantage of these shortcomings if they previously had access to the victim’s device. While theoretically there is no immediate danger to users, they recommended “updating the application to the most recent version”.


Continuation after commercial


Zoom is offering up to $50,000 to anyone who finds bugs and security holes on the platform.

Zoom is offering up to $50,000 to anyone who finds bugs and security holes on the platform.
To become part of the service’s security team, engineers must apply for jobs available on the site.

Source: engadget.com

…..

Thinking about buying goods online? Discover the Save the Connected World extension for Google Chrome. It’s free and offers you price comparisons at major stores and coupons so you can always buy at the best price. Download now.

Source: Mundo Conectado

Leave a Reply

Your email address will not be published. Required fields are marked *