Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Zoom fixed two flaws in macOS App that were disclosed at DEF CON

Zoom addressed two high-severity vulnerabilities in its macOS app that were disclosed at the DEF CON conference. Zoom last week released macOS updates to fix two high-severity flaws in its macOS app that were disclosed at the DEF CON conference. Technical details of the vulnerabilities were disclosed at the DEF CON conference by security researcher […]

Zoom Room

Zoom addressed two high-severity vulnerabilities in its macOS app that were disclosed at the DEF CON conference.

Zoom last week released macOS updates to fix two high-severity flaws in its macOS app that were disclosed at the DEF CON conference. Technical details of the vulnerabilities were disclosed at the DEF CON conference by security researcher Patrick Wardle during its talk “You’re M̶u̶t̶e̶d̶ Rooted.”

In his talk, the expert explored Zoom’s macOS application to uncover several critical security flaws that can be exploited by a local unprivileged attacker to achieve root access to the device.

Wardle demonstrated that an attacker could hijack the update mechanism to downgrade the software to an older version that is known to be affected by vulnerabilities.

The experts pointed out that macOS users are not prompted for their admin password when Zoom is updated, because the auto-update feature is enabled by default.

Zoom informed customers last week that macOS updates for the Zoom application patch two high-severity vulnerabilities. Details of the flaws were disclosed on Friday at the DEF CON conference in Las Vegas by macOS security researcher Patrick Wardle.

Wardle, who is the founder of the Objective-See Foundation, a non-profit that provides free and open source macOS security resources, showed at DEF CON how a local, unprivileged attacker could exploit vulnerabilities in Zoom’s update process to escalate privileges to root.

“In this talk, we’ll explore Zoom’s macOS application to uncover several critical security flaws. Flaws, that provided a local unprivileged attacker a direct and reliable path to root.” Wardle explained. The first flaw, presents itself subtly in a core cryptographic validation routine, while the second is due to a nuanced trust issue between Zoom’s client and its privileged helper component.”

zoom

Wardle demonstrated that a local attacker abusing the auto-update process and leveraging a cryptographic issue related to insecure update package signature validation can install an update package.

Zoom addressed some related vulnerabilities in the past months, but Wardle explained that he was still able to exploit them in his attack. The day after the talk, the company released Client for Meetings for macOS 5.11.5 that fix the auto-update process vulnerability (CVE-2022-28756). The company also announced Version 5.11.3 which addresses the packet signature validation issue (CVE-2022-28751).

Zoom also addressed other critical and high-severity vulnerabilities:

  • CVE-2022-28753, CVE-2022-28754: Zoom On-Premise Deployments: Improper Access Control Vulnerability (HIGH)
  • CVE-2022-28755: Improper URL parsing in Zoom Clients (CRITICAL)
  • CVE-2022-28752: Local Privilege Escalation in the Zoom Rooms for Windows Client (HIGH)
  • CVE-2022-28750: Zoom On-Premise Deployments: Stack Buffer Overflow in Meeting Connector (HIGH)

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, macOS)

[adrotate banner=”5″]

[adrotate banner=”13″]