Zoom on macOS gets update to fix high-risk security vulnerabilities

Citing foreign tech media MacRumors, Zoom has released a new patch that fixes a vulnerability that existed in the macOS side of the application that allowed hackers to take over the user's operating system. In a security advisory, Zoom acknowledges the existence of CVE-2022-28756, and says that the fix is available in the latest version 5.11.5, which users should understand to download and install.

https://explore.zoom.us/en/trust/security/security-bulletin/

Patrick Wardle, co-founder and security expert at the Objective-See Foundation, was the first to discover the vulnerability and publicly demonstrated it at the Def Con hacker conference last week. The vulnerability exists within Zoom's macOS installer and requires special user privileges to execute.

By exploiting the tool, Wardle uses the cryptographic signature of the Zoom installer to install a malicious program. Next, the attacker can take over the user's system, allowing modifications, deletions, and additions of files.

After citing Zoom's update, Wardell said, "Thanks to Zoom for being able to fix this issue so quickly. Reversing the patch, the Zoom installer now calls lchown to update the permissions of the updated .pkg, thus preventing malicious use".

You can install the 5.11.5 update on Zoom by first opening the application on your Mac and clicking on zoom.us from the menu bar at the top of the screen (this may vary depending on your country). Then, select Check for updates and, if available, Zoom will display a window with the latest application version, as well as details about what has changed. From here, select the update to start the download.