He had followed responsible disclosure protocols, which gives companies time to fix bugs, and after eight months of inaction, he felt he had to warn others. Wardle decided to go public with his findings at Def Con. He informed Zoom of this second bug, and more importantly, of the first bug not being fixed. Wardle said Zoom didn’t take him seriously and released a patch after a month, which contained another security bug. At this level, the MacBook recognizes the hacker as a “superuser” who can then read, change or create any file, including adding other malware to the system.įrustratingly, Wardle had discovered the security threat back in December and had informed Zoom of his findings. The Zoom package installer used a weak security certificate test and any file with the same name as the official Zoom package could easily bypass the test. The exploit allowed a threat actor to take control of someone’s Mac through the Zoom app, right down to the root level of the machine. The founder of the security non-profit Objective-See and an ex-NSA security analyst, Patrick Wardle, took to the stage on Friday and presented a stunning find: a massive security vulnerability in the Zoom installer for MacBooks.
Zoom spent the weekend patching a major security flaw in its Mac app, and the update is available right now.Īccording to The Verge, it all began at Def Con, a computer security and hacker conference in Las Vegas. If you have Zoom installed on your MacBook, you’ll want to update the app right now.
0 kommentar(er)
