Zoom for Mac Has Two New Security Flaws

They require local access to your Mac, but can let hackers take over

Making sure your Mac is secure while using Zoom is paramount, of course, but as this attack requires local access to your computer, it's less an issue of fear. More importantly, we all need to be aware of the status of the tools we all suddenly find ourselves using, and ask the developers to patch things as soon as possible.

Zoom video conference on Macbook Pro
 Original image by Pixabay

Ex-NSA hacker Patrick Wardle discovered two new vulnerabilities in the suddenly-popular Zoom software for macOS.

Stay calm: First of all, the security flaws require local access to your Mac, which means someone malicious has to physically use your computer to make it happen. So it's of less concern than, say, a hack that can work remotely, over the internet.

The details: The first bug involves how Zoom gets installed on Mac. A local attacker who even has low-level system privileges can add malicious code to the Zoom installer to grant themselves root access, which is the highest level possible on Mac. The attacker can then do basically whatever they want on your system, including running spyware or malware on it.

The second vulnerability involves an ability to add malicious code to Zoom to give the attacker access to your webcam and microphone. They can then watch and record your video stream and hear what you're saying in meetings.

When will this be fixed: So far, Zoom hasn't made any fixes to its app, but it's likely they will.

Don't over worry: Yes, this is a big deal in the sense that we're all using any and every tool out there to manage our pandemic stay-at-home business and personal lives, and we have to be aware of issues like this. Of course, don't let anyone you don't know use your Mac, but also make sure you know the potential risks when using Zoom or other software that may also have vulnerabilities that aren't discovered because they're less popular.

Ultimately, whether you continue to use Zoom or not, be sure to update it when the new vulnerabilities (there are also some for Windows) are patched.

Via: TechCrunch

Learn More About Zoom