Zoom has released a fix for a macOS vulnerability that might enable an attacker to take control of a user’s operating system (via MacRumors). Zoom acknowledges the problem (CVE-2022-28756) in an update to its security notice and says a fix is available in version 5.11.5 of the Mac app, which you can (and should) download immediately.
Patrick Wardle, a security researcher and the creator of the Objective-See Foundation, a charity that develops open-source macOS security solutions, discovered the issue and revealed it last week at the Def Con hacking conference.
The exploit, as Corin explains, targets the Zoom installer, which needs specific user rights to execute. Wardle discovered that attackers could “fool” Zoom into downloading malicious software by including Zoom’s cryptographic signature in the package. Attackers may then gain further access to a user’s system, allowing them to change, remove, or add data on the device.
You can install the Zoom 5.11.5 update by first launching the app on your Mac and selecting zoom.us (this may change depending on your location) from the menu bar at the top of your screen. Then choose Check for updates; if one is available, Zoom will show a window with the most recent version of the app, as well as information about what’s changed. To begin the download, pick Update from this window.