Zoom installer allows a researcher to gain root access on macOS


A security researcher has found a way that an attacker could leverage the macOS version of Zoom to gain access over the entire operating system.

Details of the exploit were released in a presentation given by Mac security specialist Patrick Wardle.

Some of the bugs involved have already been fixed by Zoom, but the researcher presented one unpatched vulnerability that still affects systems now.

Wardle says he discovered the bug in December 2015 and waited eight months before publishing the research.

He says an initial fix from Zoom contained another bug that meant the vulnerability was still exploitable.

Zoom’s security and privacy PR lead says the company is aware of a bug in its auto updater for Mac OS X and is working to fix it.

When a file is moved from another location to the root directory, it retains the same read-write permissions it previously had.

A malicious user can still swap the contents of that file with a file of their own choosing and use it to become root.

Follow us on
AccessmacOS.researcherZoom installer
Comments (0)
Add Comment