date of publication:
August 13, 2022 15:53 GMT
Update date: August 13, 2022 17:00 GMT
A technical security researcher has discovered a vulnerability in the version of the Zoom application for Mac OS that can threaten the operation of the entire operating system. The vulnerability is related to the “Zoom” installer on the system
Source: Mohamed Hanafi – Erm News
A researcher in the field of technical security discovered a vulnerability in the version of the “Zoom” application for the “Mac OS” operating system that might threaten the operation of the entire operating system.
The vulnerability is related to the “Zoom” installer on the operating system, although the installation of the application requires the user to enter a special password to add the application to the system, but Patrick Wardle discovered that the automatic update function of the application then works in the background of the system without the user’s permission.
Wardle explained that an error in installing new software package updates means that the operating system can be hacked through piracy, the owner of which can send a fake message to the user asking for his password, so that he can later install any type of malicious code on the user’s device.
Through such codes, the hacker can access deeper levels of the operating system, to a level where he can add, remove or modify any files on the user’s computer, according to “The Verge”.
It is strange that Wardle reported the vulnerability in December of last year, but the response of “Zoom” continued to contain other loopholes, which frustrated him, and prompted him to publicly warn of those vulnerabilities following 8 months of waiting.
For his part, the public relations officer for security and privacy at Zoom, Matt Nagel, admitted that the company’s development team “is aware of the recently reported security vulnerability, and its connection to the installation of an automatic update for the popular meeting program on the Mac OS,” noting that “The team is working hard to address it.”
But Wardle confirms that the software bug in the “Zoom” installer is easy to fix, and that he sent the Zoom administration how to implement it, to no avail.
And the researcher in technical security expressed his hope that public talk regarding the Zoom vulnerability would lead the company to pay attention to fixing its software application codes without delay.
Wardle is a co-founder of the Objective-See Foundation, a non-profit organization that aims to create open source technical security tools, and one of the participants in the Black Hat Cyber Security Conference last week.