It may be a good time to stop using Zoom. The more popular the videoconferencing software becomes, the more obvious the carelessness of its developers: fake end-to-end encryption, disclosure of personal information, poor installation practices… At this point, it is better to look for an alternative, whether Skype, WhatsApp, or even FaceTime if your contacts all have (recent) Apple products.
To convince the most reluctant, security researcher Patrick Wardle has uncovered two additional vulnerabilities that specifically affect the Mac. For each of them, the attacker must have physical access to the computer, which limits the possibilities for attack. The fact remains that these are security flaws and that they continue to pile up.
The first allows an attacker to obtain the same access rights to the microphone and webcam as Zoom. The software must ask the user's permission to access these components, which are essential to its operation. This authorization request has a flaw that allows an attacker to inject malicious code in order to take over those access rights. The attacker can then secretly monitor the user.
The second flaw is directly related to the software's installation system on macOS, which is far too hasty. It turns out that an attacker is able to slip in code with the privileges of an ordinary user in order to obtain root access. The attacker can thus reach the lowest and most sensitive layers of macOS, which poses serious security problems.
Zoom hasn’t provided any fixes yet.