It was announced that Patrick Wardle, a Mac vulnerability researcher, found three vulnerabilities in the Zoom application that allowed attackers to gain access to computers. Bezoom stated that the first two vulnerabilities have been addressed and fixed and that they are still working on addressing the third weakness. Users are requested to update the app versions whenever an update is available.
Zoom has an option for automatic updates which should help to update a version without having to do it manually every time. But it turns out that even this option on Mac computers can be exploited due to a bug that allows attackers to gain access to the computers.
The researcher found that the attackers can bypass the application signature of the automatic update by simply naming the file of their malware accordingly and thus pushing it to allow the update to install the file that the attackers want. The automatic update will then install the malicious update and give the attackers the full permission that the Zoom app has which can also be accessed on the Mac.
The bug was discovered by Wardell in December last year, Zoom fixed it, but the update they offered contained another glitch that allowed attackers to trick the update and make it accept an older version of Zoom and thus bypass the new fix.
Zoom was quick and dealt with quickly, but then the researcher found the third vulnerability in the same process. He actually pointed to a period of time between the automatic update and the actual installation that could allow attackers to inject malicious code into the update.
Alex Steinberg, product manager at the information security company ESET Israel states: "Updating versions of products and operating systems is very important. Updates of this type address existing bugs and security problems, so an update helps strengthen the protection of our computers and information. The Zoom application is especially popular since it changed The work environment has been a hybrid since the coronavirus, so it is highly recommended for the many users of the application to update it. Also, be aware of the update that will come out later and fix the bug that has not yet been addressed."