[MacTUG] The 'S' in Zoom, Stands for Security
Marlon A. Griffith
m3griffi at uwaterloo.ca
Wed Apr 1 15:39:50 EDT 2020
"""
uncovering (local) security flaws in Zoom's latest macOS client
...
Conclusion
Today, we uncovered two (local) security issues affecting Zoom’s macOS
application. Given Zoom’s privacy and security track record this should
surprise absolutely zero people.
First, we illustrated how unprivileged attackers or malware may be able
to exploit Zoom’s installer to gain root privileges.
Following this, due to an ‘exception’ entitlement, we showed how to
inject a malicious library into Zoom’s trusted process context. This
affords malware the ability to record all Zoom meetings, or, simply
spawn Zoom in the background to access the mic and webcam at arbitrary
times! 😱
The former is problematic as many enterprises (now) utilize Zoom for
(likely) sensitive business meetings, while the latter is problematic as
it affords malware the opportunity to surreptitiously access either the
mic or the webcam, with no macOS alerts and/or prompts.
https://objective-see.com/blog/blog_0x56.html
""" macos