You Need to Update Zoom on Your Mac Right Now
If you spend all day videoconferencing, you might think that Zoom has completely taken over your Mac. However, a serious security vulnerability allows hackers to do just that. While a hack might be enough of an excuse for you to opt out of an afternoon video call, it’s definitely not worth it. Save yourself the headache and update Zoom immediately.
What’s happening with Zoom for Mac?
As The Verge reported on Friday, August 12, we learned that Zoom’s auto-update feature for Mac has a critical bug that puts all users at risk. Security specialist Patrick Wardle discovered a vulnerability in the Zoom installer.
After the user authenticates to the Zoom installer, the auto-update feature continues to run in the background. The installer then installs any update as long as it is cryptographically signed by Zoom, which is to be expected. However, the installer cannot distinguish between a legitimate update and a malware one if the software name is correct. This allows an attacker to force the installer to automatically install fake software with the correct name on the target’s Mac, giving the hacker root access to the machine in a so-called privilege escalation attack.
In layman’s terms, this means that an attacker could completely take over your Mac using this vulnerability. To make matters worse, this vulnerability has existed throughout 2022: Wardle reported the issue to Zoom back in December 2021, and while the company released an update to fix the problem, it inadvertently provided hackers with a new way to exploit the same. vulnerability. Luckily, we finally have a patch to permanently block this type of hack.
Zoom released a security bulletin on Saturday, August 13, detailing the vulnerability and the fix. The patch, designated CVE-2022-28756 with a severity rating of High, officially fixes this privilege escalation issue from Zoom 5.7.3 through 5.11.5.
How to update Zoom for Mac
To check for a new Zoom update, open the client on your Mac, sign in, select your profile icon, then click Check for Updates. If a new update is available, the Zoom client will download and install it on your Mac.
However, you may already have the patch in your Zoom client if you have automatic updates enabled. To check, go to Zoom Settings, select General, then click Automatically Update My Zoom. Once you are authenticated, Zoom will automatically check for updates in the background. You can also choose whether to receive these updates “Slow”, where updates are delayed until they are stable, or “Fast”, where each new update is installed immediately. Zoom specifies that any critical updates, such as this patch, will be installed immediately, no matter which option you choose here.
[ Macrumors ]