"The former is problematic as many enterprises (now) utilize Zoom for (likely) sensitive business meetings, while the latter is problematic as it affords malware the opportunity to surreptitious access either the mic or the webcam, with no macOS alerts and/or prompts," the researcher said. This affords malware the ability to record all Zoom meetings, or simply spawn Zoom in the background to access the mic and webcam at arbitrary times!"
#ZOOM VIDEO FOR MAC HOW TO#
"Following this, due to an ‘exception’ entitlement, we showed how to inject a malicious library into Zoom’s trusted process context. "First, we illustrated how unprivileged attackers or malware may be able to exploit Zoom’s installer to gain root privileges," Wardle said in his blog post. Furthermore, Wardle believes the problems could have been easily avoided by Zoom because the attack techniques have been documented by himself and other researchers in the past in blog posts and at security conferences. Įxploiting the two flaws requires attackers to already have local code execution access on the machine, but this does not mean they're not serious issues, since local code execution with limited user privileges can be achieved in a variety of ways. Wardle has a long history of macOS security research, which includes finding vulnerabilities, analyzing malware and writing security tools for Apple's platform.
The issues, which stem from insecure use of system APIs, were revealed Wednesday by security researcher Patrick Wardle on his blog.
#ZOOM VIDEO FOR MAC UPGRADE#
It’s safe to say M1 support will be the most noticeable upgrade if you’ve been using one of Apple’s newest computers to stay in touch during the pandemic.The Zoom video conferencing client for macOS does not take full advantage of the application hardening features the operating system offers, which could allow local malware to elevate its privileges or access the camera and microphone without the user's knowledge.
#ZOOM VIDEO FOR MAC UPDATE#
The update will also improve nonverbal feedback, allow you to send text messages on mobile (with a Zoom Phone Pro license) and help you add cloud contacts. The native code could improve the longevity further, though, and might boost overall performance if you’re running Zoom alongside other apps.
One MacRumors forum member found that battery life dipped by just 17 percent during a 2.5-hour video call. The non-native app wasn’t a huge drain on M1 Macs.
You may need to grab a separate installer, but you’ll likely want to leap on this if you’d rather not run Zoom using code translation. 9to5Mac has learned that Zoom is rolling out a December 21st update that lets the video calling app natively support Apple Silicon Macs. If you’re using Zoom on your M1 Mac for virtual holiday get-togethers, you’ll be happy to hear that an upgrade is arriving in a timely fashion.
0 kommentar(er)
