A Mac security researcher, Patrick Wardle, gained root access to macOS through the installer for the Zoom application, exposing a security flaw that leaves the system open to ransomware and other malware.
Wardle demonstrated the break-in at the Def Con hacking conference in Las Vegas. It works by exploiting the Zoom installer, which requires special permissions to install or remove the application.
The researcher found a way around the user permission prompts by using the installer's auto-update function, which must run with elevated privileges in the background.
This works because Zoom cryptographically signs each update but the updater only checks that a signing certificate is present. An attacker can therefore swap in a certificate that passes that check, and the update continues to run in the background with its privileges.
An attacker can also substitute an infected file for the certificate file and have the updater execute whatever malware they want.
An attacker who starts with only restricted access to the system can use the flaw to escalate to root, which allows them to modify any file on the affected system.
Since the demonstration, Zoom has issued a patch that fixes most of the exploits, but Wardle said the application still has the superuser flaw.
Wardle had told Zoom about the flaw in December, but Zoom's patch introduced another vulnerability that could still be exploited, with a few extra steps.
In an interview with the tech publication The Verge, Wardle said, “To me that was kind of problematic because not only did I report the bugs to Zoom, I also reported mistakes and how to fix the code. So it was really frustrating to wait, what, six, seven, eight months, knowing that all Mac versions of Zoom were sitting on users’ computers vulnerable.”
The new version that Zoom uses has another problem. The installation package is downloaded and then moved to a directory belonging to the system administrator.
Normally this would mean that ordinary users could not access those files, but because macOS is Unix-based, a moved file keeps the read/write permissions it had before. So if an attacker can reach the package, they can modify it or infect it with malicious software.
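The permission-retention problem described above, as an added example that is neither Zoom's code nor the article's: a package moved with mv keeps the mode bits it was created with, while a hardened updater sets the mode explicitly and checks it before any privileged step. The paths, the 666 download mode and the verify_staged gate are constructed for this illustration.

```shell
#!/bin/sh
# Added illustration (not Zoom's code). mv preserves a file's mode bits, so a
# world-writable download stays world-writable after it lands in the privileged
# staging directory. The hardened flow normalises the mode and refuses to go on
# if anyone other than the owner can write. Everything lives in a temp dir.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Returns 0 when the "other" write bit is set (9th character of the ls -l mode field).
world_writable() {
    [ "$(ls -ld "$1" | cut -c9)" = "w" ]
}

# Gate a privileged step on the package being writable only by its owner.
verify_staged() {
    if world_writable "$1"; then
        echo unsafe
    else
        echo safe
    fi
}

# Flawed flow: download with lax permissions, then move into the staging dir.
stage_by_move() {
    mkdir -p "$WORK/staging"
    printf 'pkg' > "$WORK/download.pkg"
    chmod 666 "$WORK/download.pkg"   # constructed: models a permissive download
    mv "$WORK/download.pkg" "$WORK/staging/update.pkg"
    verify_staged "$WORK/staging/update.pkg"
}

# Hardened flow: copy, set the mode, then verify right before privileged use.
# A real root-run updater would also chown the file to root; that is omitted so
# the script runs as an ordinary user.
stage_hardened() {
    mkdir -p "$WORK/staging-hardened"
    printf 'pkg' > "$WORK/download2.pkg"
    chmod 666 "$WORK/download2.pkg"
    cp "$WORK/download2.pkg" "$WORK/staging-hardened/update.pkg"
    chmod 644 "$WORK/staging-hardened/update.pkg"
    verify_staged "$WORK/staging-hardened/update.pkg"
}

stage_by_move      # prints: unsafe
stage_hardened     # prints: safe
```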
“We are aware of the newly reported vulnerability in the Zoom autoupdater for macOS and are working diligently to address it,” Zoom security lead Matt Nagel told The Verge.