banner1
banner2

HOME
Breaking News

Zoom issues a fix for a dangerous security flaw in its latest update on Mac

by VARINDIA 2022-08-16
Zoom issues a fix for a dangerous security flaw in its latest update on Mac

Zoom has issued a patch for a bug on macOS that could allow a hacker to take control of a user’s operating system (via MacRumors). In an update on its security bulletin, Zoom acknowledges the issue (CVE-2022-28756) and says a fix is included in version 5.11.5 of the app on Mac, which you can (and should) download now.

 

Patrick Wardle, a security researcher and founder of the Objective-See Foundation, a nonprofit that creates open-source macOS security tools, first uncovered the flaw and presented it at the Def Con hacking conference last week. My colleague, Corin Faife, attended the event and reported on Wardle’s findings.

 

As Corin explains, the exploit targets the Zoom installer, which requires special user permissions to run. By leveraging this tool, Wardle found that hackers could essentially “trick” Zoom into installing a malicious program by putting Zoom’s cryptographic signature on the package. From here, attackers can then gain further access to a user’s system, letting them modify, delete, or add files on the device.

 

“Mahalos to Zoom for the (incredibly) quick fix!” Wardle said in response to Zoom’s update. “Reversing the patch, we see the Zoom installer now invokes lchown to update the permissions of the update .pkg, thus preventing malicious subversion.”

 

Users can install the 5.11.5 update on Zoom by first opening the app on their Mac and hitting zoom.us (this might be different depending on what country they are in) from the menu bar at the top of the screen. Then, select Check for updates, and if one’s available, Zoom will display a window with the latest app version, along with details about what’s changing. From here, select Update to begin the download.

 

Apple has updated its 13-inch 2020 MacBook Pro with its new M2 processor. It’s an improvement over the older M1 chip, especially in single-core performance. But the M2 will also power Apple’s cheaper MacBook Air, which will have a brand-new design and a host of other benefits.

er

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
eScan XDR announces advanced phishing simulator to address AI-generated email threats

eScan XDR announces advanced phishing simulator to address AI-generated email threats

Tech Mahindra and Cisco to launch managed services for multicloud defense

Tech Mahindra and Cisco to launch managed services for multicloud defense

Okta Unveils ‘Cross App Access’ to Secure AI Agent Interactions Across Enterprise Apps

Okta Unveils ‘Cross App Access’ to Secure AI Agent Interactions Across Enterprise Apps

SOFTWARE
View All
Adobe announces AI-powered creative app for image and video generation

Adobe announces AI-powered creative app for image and video generation

Honeywell unveils AI- powered smart building management solution

Honeywell unveils AI- powered smart building management solution

Ericsson, Google Cloud collaborate on scalable AI-based 5G core

Ericsson, Google Cloud collaborate on scalable AI-based 5G core

START - UP
View All
MIPS and Cyient Semiconductor team up on custom RISC-V solutions

MIPS and Cyient Semiconductor team up on custom RISC-V solutions

Lenskart to Acquire Location AI Startup GeoIQ

Lenskart to Acquire Location AI Startup GeoIQ

GTT Data reports ₹16.53 Cr revenue, sets sights on AI-driven expansion

GTT Data reports ₹16.53 Cr revenue, sets sights on AI-driven expansion

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

wew
wrdf
Start-Up and Unicorn Ecosystem
HCLTech to accelerate product-based transformation for E.ON

HCLTech to accelerate product-based transformation for E.ON

Google Meet Introduces Real-Time Speech Translation

Google Meet Introduces Real-Time Speech Translation

Regulatory Pressure Spurs Cybersecurity Spending

Regulatory Pressure Spurs Cybersecurity Spending

India Tops Global AI Trust with 76% Confidence 🇮🇳

India Tops Global AI Trust with 76% Confidence 🇮🇳

Hidden Dangers in the Cloud: Public Storage Missteps Exposed

Hidden Dangers in the Cloud: Public Storage Missteps Exposed

Tesla Pi Tablet Rumours Shake Up Tablet Market: Innovation Incoming

Tesla Pi Tablet Rumours Shake Up Tablet Market: Innovation Incoming

It’s time to Secure Enterprise AI from Model Poisoning

It’s time to Secure Enterprise AI from Model Poisoning

Regulated Industries Embrace On-Premise AI for Compliance & Control

Regulated Industries Embrace On-Premise AI for Compliance & Control

Sadhguru Seeks Court Protection Against AI Deepfakes

Sadhguru Seeks Court Protection Against AI Deepfakes

Travel Smarter: Stay Alert to Tourism Scams

Travel Smarter: Stay Alert to Tourism Scams

dsf