Zoom is an application that became very popular in times of social isolation. It was a great ally for people and companies that needed to work from home during the period when face-to-face classes were not yet allowed; however, this popularity brings some negative consequences. Patrick Wardle, founder of the Objective-See Foundation and an expert in the security of the Apple ecosystem, reported that the automatic update system could create serious vulnerabilities for macOS users.
The first flaw occurs in the application's signature verification procedure, which checks the integrity of the update package being installed and makes sure it is a more up-to-date version of Zoom. However, Wardle discovered that hackers can fool this verification system by naming their malware after a specific pattern, with the same name as the signature of the original signing certificate.
Having achieved this goal, they will be able to access the victim’s computer, which means they will be able to delete, modify or create various files. It was reported that the specialist shared this flaw with the company’s managers in December 2021, but what was supposed to be a fix brought another big problem. This time, there was a loophole through which attackers could bypass the software security checks responsible for verifying that the latest version of the application is being used.
So the founder of the Objective-See Foundation found yet another way to trick this tool into bypassing the checking system and accepting an older, less secure version as the latest. The information was shared with the Zoom team, which created another fix.
End of trouble? Not yet
Another bug was discovered recently. The current patch still has a security flaw that can be used by hackers. When a package is installed, it is now moved to the root user’s folder, which is a way to protect against potential malware.
However, the file keeps its original read and write permissions, so it can still be modified by a regular user. This opens another door for a person with bad intentions, who will be able to change the file and turn it into something malicious.
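The permission problem described above can be checked for on any staged file. The following is an added example, not code from Zoom, Wardle or the original article: the function names are hypothetical and the current user's uid stands in for root so that it runs without privileges. It contrasts moving a file, which keeps the owner and mode it already had, with copying it into a new file created by the privileged process.

```python
import os
import shutil
import stat
import tempfile

def audit_staged_file(path, trusted_uid=0):
    """List reasons an unprivileged user could still alter a staged file."""
    findings = []
    st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_uid != trusted_uid:
        findings.append(f"file owned by uid {st.st_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"file writable by group/others: {stat.filemode(st.st_mode)}")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_uid != trusted_uid:
        findings.append(f"directory owned by uid {parent.st_uid}")
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("directory writable by group/others")
    return findings

def stage_by_move(src, dest_dir):
    """Weak: a rename keeps whatever owner and mode the file already had."""
    dest = os.path.join(dest_dir, os.path.basename(src))
    os.rename(src, dest)
    return dest

def stage_by_copy(src, dest_dir):
    """Hardened: copy the bytes into a new file this process creates."""
    dest = os.path.join(dest_dir, os.path.basename(src))
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as out, open(src, "rb") as inp:
        shutil.copyfileobj(inp, out)
    return dest

def demo():
    me = os.getuid()  # assumption: stands in for root so this runs unprivileged
    with tempfile.TemporaryDirectory() as inbox, tempfile.TemporaryDirectory() as staging:
        for name in ("a.pkg", "b.pkg"):  # constructed sample packages
            path = os.path.join(inbox, name)
            with open(path, "wb") as f:
                f.write(b"constructed sample")
            os.chmod(path, 0o666)  # permissive mode set by the regular user
        moved = stage_by_move(os.path.join(inbox, "a.pkg"), staging)
        copied = stage_by_copy(os.path.join(inbox, "b.pkg"), staging)
        return audit_staged_file(moved, me), audit_staged_file(copied, me)

if __name__ == "__main__":
    print(demo())
```

In a real updater the signature check has to run on the staged copy, after it is out of the regular user's reach.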
Wardle drew the attention of the international media to the fact that he reports not only on gaps, but also on their solutions. According to those responsible for Zoom, attackers will only be able to take advantage of these shortcomings if they previously had access to the victim’s device. While theoretically there is no immediate danger to users, they recommended “updating the application to the most recent version”.
Zoom is offering up to $50,000 to anyone who finds bugs and security holes on the platform.
To become part of the service’s security team, engineers must apply for jobs available on the site.
Source: engadget.com