Zoom: Security Researcher Finds Multiple Weaknesses in Auto-Update Process

Zoom has been found to have several security flaws. Through the automatic update process, hackers can take control of the victim’s machine.

Zoom’s auto-update option helps users always have the latest version of their video conferencing software, which has suffered from a number of privacy and security issues in recent years. A Mac security specialist found several flaws in the automatic update tool that would allow attackers to take complete control of their victim’s computer.

Multiple security flaws found in Zoom

Patrick Wardle presented his findings at this year’s DefCon. According to Wired, two of them have been disclosed. The first lies in the verification of the application signature, the check that confirms the integrity of the update being installed and ensures its full legitimacy. This check is meant to prevent an attacker from tricking the installer into installing anything they like.

Through the automatic update process

Patrick Wardle discovered that hackers can bypass signature verification by naming their files in a certain way. Once past the check, they can gain root access and control their victim’s machine. The Verge explains that the researcher reported the existence of this vulnerability to Zoom in December 2021, but the patch contained another vulnerability. This second vulnerability could allow hackers to bypass protections put in place by Zoom to make sure the update process installs the latest version of the app. Patrick Wardle discovered that it was possible to trick Zoom’s update distribution tool into accepting an older version of the software.

Hackers can take control of the victim’s machine

Zoom has already fixed this shortcoming, but the expert discovered another vulnerability, also presented during the conference. At some point between the automatic installer checking the package and the installation process itself, malicious code can be injected into the update. The downloaded package that is to be installed apparently keeps its original read/write permissions, allowing anyone to modify it. This means that even users without root access can replace its contents with malicious code and take control of the target machine.
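The gap described above is a time-of-check/time-of-use problem made exploitable by loose file permissions. The following added example (not Zoom's code or the researcher's) shows the defensive pattern of copying the package into a private directory, verifying that copy, and installing only from it. The function names and the sample file are assumptions, and a SHA-256 digest stands in for the signature check, since the article does not describe how Zoom verifies packages.

```python
import hashlib
import os
import shutil
import stat
import tempfile


def writable_by_others(path):
    """True if group or other users may modify the file at path."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def stage_and_verify(src, expected_sha256, staging_root):
    """Copy src into a private directory, lock it down, then verify the copy.

    Returns the path of the verified private copy. The installer must use
    this path and never go back to src after the check.
    """
    staging = tempfile.mkdtemp(prefix="update-", dir=staging_root)  # mode 0700
    dst = os.path.join(staging, os.path.basename(src))
    shutil.copyfile(src, dst)   # copies bytes only, not src's permissions
    os.chmod(dst, 0o400)        # owner read-only, no access for anyone else
    with open(dst, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    if digest != expected_sha256 or writable_by_others(dst):
        shutil.rmtree(staging)
        raise ValueError("package failed verification")
    return dst


def demo():
    """Constructed scenario: the download is changed after the check."""
    root = tempfile.mkdtemp()
    pkg = os.path.join(root, "Update.pkg")        # constructed sample file
    with open(pkg, "wb") as f:
        f.write(b"genuine update payload")
    os.chmod(pkg, 0o666)                          # weak permissions, as described
    expected = hashlib.sha256(b"genuine update payload").hexdigest()

    weak = writable_by_others(pkg)
    verified = stage_and_verify(pkg, expected, root)
    with open(pkg, "wb") as f:                    # later change to the download
        f.write(b"modified after the check")
    with open(verified, "rb") as f:
        return weak, writable_by_others(verified), f.read()


if __name__ == "__main__":
    print(demo())
```

Because the bytes that were checked are the bytes that get installed, a later change to the original download has no effect on the staged copy.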

The company told The Verge that it is working on a patch for this new vulnerability discovered by an expert. As Wired points out, attackers must already have access to the user’s machine in order to exploit these flaws. While there is no immediate danger for most users, Zoom recommends that you always “stay up to date with the latest version” of the app. This allows end-to-end encryption.
