

Zoom has just patched a macOS bug that allowed hackers to take control of a given device’s operating system through the platform, but another bug remains live, according to the security researcher who discovered it.

The issue was discovered by Patrick Wardle of the Objective-See Foundation, a non-profit that creates security tools for devices running macOS. He revealed the existence of the bug to the public at the Def Con hacking conference in Las Vegas last Friday. The flaw in Zoom’s system, tracked as CVE-2022-28756, theoretically allows a hacker to gain control of a computer’s entire operating system, post-exploit.

The vulnerability stems from the installer for Zoom, which requires users to grant the application an all-access pass for updates in order to run on a Mac. The installer asks a user to input their password when the application is added to a given system. However, after this, it sets the app up to run auto-updates in the background and grants Zoom “superuser” privileges. A superuser is a “root account” on a Mac that can do whatever it wants to the system.

macOS users with the Zoom client installed have been advised by the company to update their systems as soon as possible. Users who have not updated their software could still be at risk of having their Macs infiltrated via both exploits. Since the pandemic, companies across the globe have turned to Zoom to facilitate collaboration in remote working environments, with its 300 million-strong active user base an appealing target for hackers.
