Monday, September 26, 2022

The Zoom installer let a researcher hack his way to root access on macOS

Shreya Christina (https://londonbusinessblog.com)

A security researcher has found a way for an attacker to use the macOS version of Zoom to gain access to the entire operating system.

Details of the exploit were released in a presentation given by Mac security specialist Patrick Wardle at the Def Con hacking conference in Las Vegas on Friday. Some of the bugs involved have already been fixed by Zoom, but the researcher also presented an unpatched vulnerability that still affects systems today.

The exploit works by targeting the Zoom application installer, which must be run with special user permissions in order to install or uninstall the main Zoom application from a computer. While the installer requires a user to enter their password when the application is first added to the system, Wardle found that an auto-update feature then ran continuously in the background with superuser privileges.

When Zoom released an update, the updater feature installed the new package after verifying that it was cryptographically signed by Zoom. But an error in how the verification method was implemented meant that giving the updater a file with the same name as Zoom’s signing certificate would be enough to pass the test, so that file would then be installed by the updater with elevated privileges.

The result is a privilege escalation attack, which assumes that an attacker has already gained initial access to the target system and then uses an exploit to gain a higher level of access. In this case, the attacker starts with a restricted user account, but escalates to the most powerful user type — known as a “superuser” or “root” — allowing them to add, delete, or modify files on the machine.

Wardle is the founder of the Objective-See Foundation, a nonprofit that creates open-source security tools for macOS. Earlier, at the Black Hat cybersecurity conference held the same week as Def Con, Wardle detailed the unauthorized use by for-profit companies of algorithms taken from his open-source security software.

Following responsible disclosure protocols, Wardle informed Zoom about the vulnerability last December. To his frustration, he says Zoom’s first fix contained another bug that meant the vulnerability could still be exploited in a slightly more roundabout way, so he disclosed this second bug to Zoom and waited eight months before publishing the research.

“For me, that was a bit problematic because not only did I report the bugs to Zoom, I also reported errors and how to fix the code,” Wardle told The Verge in a conversation before the talk. “So it was really frustrating to wait six, seven, eight months knowing that all Mac versions of Zoom were vulnerable on users’ computers.”

A few weeks before the Def Con event, Wardle says, Zoom released a patch that fixed the bugs he initially discovered. But on closer analysis, another minor flaw meant that the bug could still be exploited.

In the new version of the update installer, a package to be installed is first moved to a folder owned by the “root” user. In general, this means that no user who does not have root permission can add, delete or modify files in this folder. But due to a subtlety of Unix systems (of which macOS is one), when an existing file is moved from another location into the root-owned folder, it retains the same read-write permissions it had before. So in this case it can still be changed by a regular user. And because it can be modified, a malicious user could still swap the contents of that file with a file of their choosing and use it to become root.
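The Unix behaviour described above, as an added example that is not Zoom's code or Wardle's: a move keeps the file's inode, owner and mode, so a privileged updater should create its own copy and check ownership and write bits before trusting a staged file. The function names, file names and package bytes are assumptions constructed for illustration.

```python
import os
import stat

def move_keeps_metadata(workdir):
    """Move a user-created file into a locked-down directory, as mv does on one filesystem."""
    src = os.path.join(workdir, "update.pkg")          # constructed sample file
    with open(src, "wb") as f:
        f.write(b"constructed package bytes")
    os.chmod(src, 0o666)                               # permissions chosen by the user
    before = os.stat(src)
    staging = os.path.join(workdir, "staging")         # stands in for the root-owned folder
    os.mkdir(staging, 0o755)
    dst = os.path.join(staging, "update.pkg")
    os.rename(src, dst)                                # only the directory entry changes
    after = os.stat(dst)
    return (dst, before.st_ino == after.st_ino,
            stat.S_IMODE(after.st_mode), before.st_uid == after.st_uid)

def is_tamper_resistant(path, trusted_uid):
    """True only for a regular file owned by trusted_uid with no group/other write bit."""
    st = os.lstat(path)
    return (stat.S_ISREG(st.st_mode)
            and st.st_uid == trusted_uid
            and not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def stage_by_copy(src, staging_dir):
    """Copy the bytes into a new file that the privileged process creates itself."""
    dst = os.path.join(staging_dir, os.path.basename(src) + ".staged")
    in_fd = os.open(src, os.O_RDONLY | os.O_NOFOLLOW)  # refuse a symlinked source
    try:
        out_fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except OSError:
        os.close(in_fd)
        raise
    with os.fdopen(in_fd, "rb") as fin, os.fdopen(out_fd, "wb") as fout:
        fout.write(fin.read())
    return dst                                         # verify the signature on this copy

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        moved, same_inode, mode, same_owner = move_keeps_metadata(d)
        print("moved file:", oct(mode), "same inode:", same_inode, "same owner:", same_owner)
        print("moved file safe to trust:", is_tamper_resistant(moved, os.getuid()))
        staged = stage_by_copy(moved, os.path.dirname(moved))
        print("staged copy safe to trust:", is_tamper_resistant(staged, os.getuid()))
```

Run unprivileged, the demo uses the current user as the trusted owner; in a real updater `trusted_uid` would be 0, and the moved file would fail the check on ownership as well as on mode.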

While this bug is currently live in Zoom, Wardle says it’s very easy to fix and hopes that if it’s talked about publicly, the company will fix it sooner rather than later.

In a statement to The Verge, Matt Nagel, Zoom’s PR leader for security and privacy, said, “We are aware of the newly reported vulnerability in the Zoom auto-updater for macOS and are working hard to address it.”

Update August 12, 11:09 PM ET: Article updated with response from Zoom.
