"The Zoom Installer Let a Researcher Hack His Way to Root Access on macOS"

A security researcher has discovered how an attacker can use the macOS version of Zoom to gain complete control of the operating system. The exploit was detailed in a presentation given by Mac security specialist Patrick Wardle at the DefCon hacking conference. Zoom has already fixed some of the bugs involved, but the researcher also presented one unpatched vulnerability that still affects systems.

The exploit targets the Zoom application's installer, which must run with special user permissions in order to install or remove the main Zoom application from a computer. Although the installer requires a user to enter their password when adding the application to the system for the first time, Wardle discovered an auto-update function running in the background with superuser privileges. When Zoom released an update, the updater function would install it after verifying that it was cryptographically signed by Zoom. However, due to a flaw in how the checking method was implemented, giving the updater any file with the same name as Zoom's signing certificate was enough to pass the test, allowing an attacker to substitute any type of malware program and have the updater run it with elevated privileges.

The result is a privilege escalation attack, in which an attacker who already has initial access to the target system employs an exploit to gain a higher level of access. In this case, the attacker starts with a restricted user account but progresses to the most powerful user type, known as a "superuser" or "root," granting them the ability to add, remove, or modify any files on the machine.

This article continues to discuss the new privilege escalation attack involving the exploitation of weaknesses in the Zoom installer.
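The flawed check described above, modelled as an added example (not Zoom's code and not part of the original article). It assumes a hypothetical checker that searches a text report echoing the package's file name, and contrasts it with one that compares only the signer field; the signer name, report format and sample files are all constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical signer name; stands in for the vendor's certificate name.
EXPECTED_SIGNER = "Example Vendor, Inc. Developer ID"

@dataclass(frozen=True)
class VerificationResult:
    """Constructed stand-in for what a signature verifier reports."""
    filename: str            # chosen by whoever supplies the package
    signer: Optional[str]    # taken from the validated signature, or None

    def render(self) -> str:
        """Human-readable report that echoes the file name, as many tools do."""
        status = f"signed by {self.signer}" if self.signer else "no signature"
        return f'Package "{self.filename}":\n   Status: {status}\n'

def naive_check(result: VerificationResult) -> bool:
    """Flawed: searches the whole report, so the file name can satisfy it."""
    return EXPECTED_SIGNER in result.render()

def strict_check(result: VerificationResult) -> bool:
    """Hardened: compares only the signer field, exactly; the name is ignored."""
    return result.signer is not None and result.signer == EXPECTED_SIGNER

def audit(results):
    """Return (filename, naive, strict) for each sample; mismatches are the bug."""
    return [(r.filename, naive_check(r), strict_check(r)) for r in results]

# Constructed samples: a genuine update, an unsigned file, an unsigned file
# whose name contains the expected signer string, and a near-match signer.
SAMPLES = [
    VerificationResult("update.pkg", EXPECTED_SIGNER),
    VerificationResult("other.pkg", None),
    VerificationResult(f"{EXPECTED_SIGNER}.pkg", None),
    VerificationResult("lookalike.pkg", EXPECTED_SIGNER + " (copy)"),
]

if __name__ == "__main__":
    for name, naive, strict in audit(SAMPLES):
        flag = "  <-- naive check wrongly accepts" if naive and not strict else ""
        print(f"{name!r}: naive={naive} strict={strict}{flag}")
```

A privileged updater should act on the identity extracted from the validated signature itself and treat the file name as untrusted input that plays no part in the decision.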

The Verge reports "The Zoom Installer Let a Researcher Hack His Way to Root Access on macOS"
