Before you sign in to Zoom to start your next video call, take a few minutes to update your app. Zoom recently released a security patch for a major hole that could allow a hacker to take over your entire machine.
The vulnerability, discovered by Patrick Wardle of the Objective-See Foundation, concerns Zoom’s automatic updater, which runs as the root user and does not require a user password. When the updater runs, it checks whether the software update is signed by Zoom, but Wardle found that it only checked whether the file had the same name as the signing certificate. A hacker could then use another package with the same name as the certificate to gain access to the Mac.
Wardle presented his findings at the DefCon event last week, and his presentation can be viewed online. Zoom responded by releasing the 5.11.5 (9788) update, which fixes the bug, but it’s actually the second attempt at a fix. In December, Wardle told Zoom about the vulnerability and the company released a fix, but that fix had a bug that left the vulnerability exploitable.
Zoom has a checkered security history. In the past, it had issues with unauthorized microphone access, lack of encryption, and meetings being invaded by unauthorized users. Zoom has fixed those issues with updates.
Zoom may update automatically when you launch the app, but it may not install the latest version (this happened to me), which is 5.11.5 (9788). To check the version, start Zoom and click zoom.us > About Zoom. If you do not have the latest version, you will need to update it manually. Here’s how.
Time to complete: 5 minutes
Tools needed: Internet connection
Required materials: Zoom Mac App
Manually checking for updates
Click on the zoom.us menu and select Check for updates.
Install the update
Zoom checks which updates are available. You should see the 5.11.5 (9788) update and can read the release notes. Click to install the update and continue.
A progress window will appear during the installation, which may take a few minutes depending on your internet connection. Zoom will restart and you should see a notification stating that you have the latest version installed. You can now use Zoom as usual.
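As an added example (not from the original article or from Zoom), this shell helper compares a version string in the form shown under About Zoom against the fixed release 5.11.5 (9788), which is useful when checking many Macs. The function names are hypothetical, and a string with no build number is treated as build 0, so it is reported as needing an update.

```shell
#!/bin/sh
# Fixed release named in the article.
FIXED_VERSION="5.11.5 (9788)"

# Turn "5.11.5 (9788)" into "5 11 5 9788"; missing fields become 0.
zoom_version_fields() {
    # Keep digits only, replacing every other character with a space.
    cleaned=$(printf '%s' "$1" | tr -c '0-9' ' ')
    # Unquoted on purpose: split on spaces (value holds digits and spaces only).
    set -- $cleaned
    printf '%s %s %s %s\n' "${1:-0}" "${2:-0}" "${3:-0}" "${4:-0}"
}

# Exit status 0: reported version is at or above the fixed release.
# Exit status 1: older than the fixed release, update needed.
# Exit status 2: input contained no version digits at all.
# Usage: zoom_is_patched "<reported version>" ["<minimum version>"]
zoom_is_patched() {
    case "$1" in
        *[0-9]*) ;;
        *) return 2 ;;
    esac
    have=$(zoom_version_fields "$1")
    want=$(zoom_version_fields "${2:-$FIXED_VERSION}")
    # $1..$4 = reported fields, $5..$8 = required fields.
    set -- $have $want
    # Compare numerically, field by field. A plain string comparison
    # would wrongly rank "5.9.x" above "5.11.x".
    [ "$1" -ne "$5" ] && { [ "$1" -gt "$5" ]; return; }
    [ "$2" -ne "$6" ] && { [ "$2" -gt "$6" ]; return; }
    [ "$3" -ne "$7" ] && { [ "$3" -gt "$7" ]; return; }
    [ "$4" -ge "$8" ]
}

# When run as a script with an argument, report on that version string.
if [ "$#" -gt 0 ]; then
    if zoom_is_patched "$1"; then
        echo "patched: $1"
    else
        echo "update needed: $1"
    fi
fi
```

Pass the string exactly as it appears under zoom.us > About Zoom, for example `sh check_zoom.sh "5.11.5 (9788)"` (the script file name is an assumption).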