Zoom patches critical vulnerability again after prior fix was bypassed

A critical vulnerability in Zoom for macOS, patched once last weekend, could still be bypassed as of Wednesday. Users should update again.


It’s time for Zoom users on Mac to update—again.

After Zoom patched a vulnerability in its Mac auto-update utility that could give malicious actors root access earlier this week, the video conferencing software company issued another patch Wednesday, noting that the prior fix could be bypassed.

Zoom users on macOS should download and run version 5.11.6 (9890), released August 17. You can check Zoom’s menu bar for updates. Waiting for an automatic update could leave you waiting days while this exploit is publicly known.
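For anyone responsible for more than one Mac, the version check above can be run over an inventory export. The following is an added example, not part of the original article or any Zoom tooling: it assumes the inventory reports versions in the "5.11.6 (9890)" form quoted above, and the host names and sample versions are constructed.

```python
import re

# Fixed release named in the article: 5.11.6 (9890).
FIXED = (5, 11, 6, 9890)

# Assumed display format: MAJOR.MINOR.PATCH (BUILD)
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*\((\d+)\)\s*$")


def parse_zoom_version(text):
    """Parse 'MAJOR.MINOR.PATCH (BUILD)' into a tuple of ints, or None if malformed."""
    match = _VERSION_RE.match(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Return 'patched', 'needs_update' or 'unknown' for one reported version string."""
    parsed = parse_zoom_version(version_text)
    if parsed is None:
        return "unknown"  # never treat an unparseable or missing value as safe
    # Integer tuples compare numerically, so 5.9.x sorts below 5.11.x
    # (a plain string comparison would get that wrong).
    return "patched" if parsed >= FIXED else "needs_update"


def audit(inventory):
    """Return (host, version, status) rows, with hosts needing action first."""
    order = {"needs_update": 0, "unknown": 1, "patched": 2}
    rows = [(host, ver, classify(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda row: (order[row[2]], row[0]))


# Constructed inventory: hypothetical hosts; versions other than the
# fixed release are made up for illustration.
SAMPLE_INVENTORY = {
    "mac-design-01": "5.11.6 (9890)",
    "mac-eng-07": "5.11.5 (1000)",
    "mac-fin-03": "5.9.10 (1234)",
    "mac-ops-02": "5.12.0 (11129)",
    "mac-lab-09": "",
}

if __name__ == "__main__":
    for host, ver, status in audit(SAMPLE_INVENTORY):
        print(f"{host:15} {ver or '<none>':16} {status}")
```

Hosts reported as "unknown" are listed with the ones that need updating so that a missing or malformed version is investigated rather than assumed safe.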

Zoom’s incomplete fix was reported by macOS security researcher Csaba Fitzl, aka theevilbit of Offensive Security. Zoom credited Fitzl in its security bulletin (ZSB-22019) and issued a patch the day before Fitzl tweeted about it.

Neither Fitzl nor Zoom detailed how Fitzl was able to bypass the fix for the vulnerability first discovered by Patrick Wardle, founder of the Objective-See Foundation. Wardle spoke at Def Con last week about how Zoom’s auto-update utility held onto its privileged status to install Zoom packages but could be tricked into verifying other packages. That meant malicious actors could use it to downgrade Zoom for better exploit access or even to gain root access to the system.
