If you have Zoom installed on your MacBook, you’ll want to update the app right now. Zoom spent the weekend patching a major security flaw in its Mac app, and the update is now available.
According to The Verge, it all started at Def Con, a computer security and hacker conference in Las Vegas. The founder of the nonprofit Objective-See and an ex-NSA security analyst, Patrick Wardle took the stage on Friday and presented a stunning find: a massive security flaw in the Zoom installer for MacBooks.
The exploit allowed a threat actor to take control of someone’s Mac through the Zoom app, right down to the root level of the machine. The Zoom package installer used a weak security certificate test, and any file with the same name as the official Zoom package could easily bypass the test. With root access, the MacBook recognizes the attacker as a “super user” who can then read, modify, or create any file, including adding other malware to the system.
Frustratingly, Wardle had discovered the security threat in December and notified Zoom of his findings. Wardle said Zoom didn’t take it seriously and released a patch after a month, which contained another security bug. He informed Zoom about this second bug, and more importantly, about the first bug that was not fixed. Zoom sat on it.
Wardle decided to make his findings public at Def Con. He had followed responsible disclosure protocols, which give companies time to fix bugs, and after the company had done nothing for eight months, he felt he should warn others. Zoom released a small patch a few weeks before the conference, but Wardle said the vulnerability was still there.
This isn’t the first time Zoom has been criticized for lax security. In 2020, Wardle discovered a Mac vulnerability in Zoom that allowed the hijacking of cameras and microphones. Zoom was also found to have sent user data to Facebook, and then the US Department of Justice filed a lawsuit against a Zoom executive for colluding with the Chinese government.
Zoom worked over the weekend on a new patch following Wardle’s presentation. Version 5.11.5 is a free update for Mac-based Zoom installations and is available now.