If you spend all day in video meetings, you might think Zoom has completely taken over your Mac. However, a major security vulnerability allows hackers to do just that. While getting hacked might be excuse enough to get you out of that afternoon video call, it’s definitely not worth it. Save yourself the headache and update Zoom immediately.
What’s going on with Zoom for Mac?
As reported by The Verge on Friday, Aug. 12, Zoom for Mac’s auto-update feature had a critical flaw that put all users at risk. Security specialist Patrick Wardle discovered the vulnerability, which resides in the Zoom installer.
After a user authenticates themselves to the Zoom installer, an auto-update function continues to operate in the background. The installer then installs any update so long as it is cryptographically signed by Zoom, which is all to be expected. However, the installer can’t tell the difference between a legitimate update and malware, so long as the name of the software is correct. That allows a malicious user to trick the installer into automatically installing bogus software with the right name on a target’s Mac, giving the hacker root access to the machine in what’s known as a privilege escalation attack.
In layman’s terms, it means a bad actor can completely take over your Mac by exploiting this vulnerability. Worse yet, this vulnerability has existed for the entirety of 2022: Wardle made Zoom aware of this issue back in December of 2021, and while the company issued an update to patch the problem, it inadvertently introduced a new way for hackers to exploit the same vulnerability. Luckily, we finally have a patch that blocks this type of hacking for good.
Zoom issued a security bulletin on Saturday, Aug. 13, detailing the vulnerability and its patch. The vulnerability is identified as CVE-2022-28756 with a severity rating of “High,” and it affects Zoom for Mac starting with version 5.7.3 and before 5.11.5. The patch officially fixes this privilege escalation issue.
How to update Zoom for Mac
To check for a new Zoom update, open the client on your Mac, sign in, choose your profile icon, then click “Check for Updates.” If there is a new update available, the Zoom client will download and install it to your Mac.
That said, you might already have the patch in your Zoom client if you have automatic updates enabled. To check, go to Zoom Settings, choose “General,” then click “Automatically keep my Zoom up to date.” Once you authenticate yourself, Zoom will automatically check for updates in the background. You can also choose whether to receive these updates “Slow,” which waits to install updates until they are sure to be stable, or “Fast,” which installs each new update right away. Zoom clarifies that any critical updates, such as this patch, will be installed immediately, regardless of which setting you choose here.
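For anyone who has to check more than one Mac, the affected range given above (starting with 5.7.3 and before 5.11.5) can be applied to a list of reported version strings. This is an added example, not code from Zoom or from the original article; the host names, build numbers and the version-string format are constructed for illustration.

```python
import re

# Affected range as stated in the article for CVE-2022-28756:
# starting with 5.7.3 and before 5.11.5.
FIRST_AFFECTED = (5, 7, 3)
FIRST_FIXED = (5, 11, 5)

# Leading dotted version, ignoring anything after it such as a build number.
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+){0,2})")


def parse_version(raw):
    """Return (major, minor, patch) from strings like '5.11.3 (9065)', or None."""
    match = _VERSION_RE.match(raw or "")
    if not match:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # '5.11' is treated as 5.11.0
    return tuple(parts)


def classify(raw):
    """Classify one reported Zoom for Mac version against the affected range."""
    version = parse_version(raw)
    if version is None:
        return "unknown"  # unparsable or missing: needs a manual check
    if FIRST_AFFECTED <= version < FIRST_FIXED:
        return "vulnerable"
    return "not affected"  # outside the range the article gives for this CVE


def audit(inventory):
    """Map each host name to its status."""
    return {host: classify(raw) for host, raw in inventory.items()}


# Constructed sample inventory (host names and build numbers are made up).
SAMPLE_INVENTORY = {
    "mac-design-01": "5.11.3 (9065)",
    "mac-design-02": "5.11.5 (9788)",
    "mac-finance-01": "5.7.1",
    "mac-finance-02": "5.10",
    "mac-lab-01": "not installed",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be checked by hand using the “Check for Updates” steps above.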
[MacRumors]