Hacker took control of a Mac using a vulnerability in Zoom

The hacker conference Defcon is an arena where top security researchers compete to track down new and previously undiscovered security holes and vulnerabilities. Among the targets in focus during the weekend's event was the communication platform Zoom, Wired and The Verge report.

Security researcher Patrick Wardle used the Defcon stage to demonstrate a series of vulnerabilities in the macOS version of Zoom that an unauthorized person can exploit to gain full access to the machine.

Vulnerable update feature

Wardle is, incidentally, the same security researcher who has previously found zero-day vulnerabilities in the Zoom client for macOS.

One of the vulnerabilities this time lies in the automatic update function of the Zoom application, including the cryptographic security check that Zoom uses to verify the software’s legitimacy.

Wardle found that this security check has serious flaws that make it possible to sneak malicious software past the check – simply by changing the name of the package. The malware can then be used to give attackers root access to the Mac.

“All you have to do is name your package in a certain way, and then you can get around the cryptographic checks,” Wardle commented to Wired.

Another vulnerability lies in the signature check, which is intended to ensure that the update is a new version and not an outdated and potentially unsafe version of the software. This can be exploited to trick Zoom into accepting older updates with known security holes that attackers can use to gain access to the system, according to the researcher.

One is not yet fixed

Zoom has stated that it has already fixed these security holes, but Wardle highlighted one more vulnerability that has yet to be patched.


Specifically, the security researcher discovered that there is a window between the verification of the update and the actual installation in which it is possible for attackers to inject malicious code into the Zoom update.

This code will then have all the same privileges and permissions that the update already has, which could give an attacker full control of the computer.

Normally, this vulnerability can only be exploited when the user installs a new update, but the security researcher found a way to trick Zoom into reinstalling the existing version. That way, an attacker will have many opportunities to smuggle in their own malicious code.
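The gap described above is a classic time-of-check to time-of-use (TOCTOU) race: an updater verifies a file on disk, and then installs whatever is on disk a moment later. The following Python simulation is an added example written for this article; it is not Zoom's updater code and makes no claim about how Zoom's installer is built. It uses a constructed payload and a SHA-256 digest as a stand-in for a signature check, and a `between_steps` hook as a stand-in for the race window. The vulnerable installer re-reads the path after verifying it; the hardened installer reads the bytes once, verifies those bytes, and installs exactly those bytes, so a swap on disk during the window changes nothing.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample data: a "trusted" update and the digest the updater
# expects, standing in for a real signed package and its signature.
TRUSTED_UPDATE = b"example-update-v1: trusted installer payload"
TRUSTED_DIGEST = hashlib.sha256(TRUSTED_UPDATE).hexdigest()
SWAPPED_UPDATE = b"example-update-v1: payload swapped in during the race window"


def digest_ok(data: bytes) -> bool:
    """Stand-in for a cryptographic check of the update contents."""
    return hashlib.sha256(data).hexdigest() == TRUSTED_DIGEST


def install_vulnerable(staged: Path, install_dir: Path, between_steps=None) -> bool:
    """Verify the file at `staged`, then install whatever is at `staged`.

    The second read is the defect: nothing ties the bytes that were
    verified to the bytes that get installed (hypothetical pattern).
    """
    if not digest_ok(staged.read_bytes()):
        return False
    if between_steps:
        between_steps()  # simulated race window between check and use
    (install_dir / "installed.bin").write_bytes(staged.read_bytes())
    return True


def install_hardened(staged: Path, install_dir: Path, between_steps=None) -> bool:
    """Read once, verify those bytes, install those same bytes.

    The on-disk file may change during the window, but the installer
    never consults it again, so the race has no effect.
    """
    data = staged.read_bytes()
    if not digest_ok(data):
        return False
    if between_steps:
        between_steps()  # same simulated window as above
    (install_dir / "installed.bin").write_bytes(data)
    return True


def simulate(installer) -> tuple[bool, bool]:
    """Run `installer` with a swap injected into the race window.

    Returns (update_accepted, installed_bytes_are_trusted).
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        staged = root / "update.pkg"          # hypothetical staging path
        install_dir = root / "installed"
        install_dir.mkdir()
        staged.write_bytes(TRUSTED_UPDATE)

        def swap_on_disk():
            # Simulates a local attacker replacing the verified file.
            staged.write_bytes(SWAPPED_UPDATE)

        accepted = installer(staged, install_dir, between_steps=swap_on_disk)
        installed = (install_dir / "installed.bin").read_bytes() if accepted else b""
        return accepted, installed == TRUSTED_UPDATE


if __name__ == "__main__":
    for name, fn in (("vulnerable", install_vulnerable), ("hardened", install_hardened)):
        accepted, trusted = simulate(fn)
        print(f"{name}: accepted={accepted} installed_trusted={trusted}")
```

In the simulation the vulnerable installer reports the update as accepted yet ends up installing the swapped bytes, while the hardened one installs the verified bytes regardless of what happened on disk in between. The same principle applies to a real updater: verification and installation must operate on one immutable copy (bytes in memory, an open file descriptor, or a location the unprivileged user cannot write to), never on a path that is re-read after the check.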

Exploitation of all of these vulnerabilities requires the attacker to already have a foothold on the victim’s device, which reduces the threat somewhat. As Wired points out, the findings are nevertheless a useful reminder of the importance of keeping software up to date.
