Patrick Wardle, founder of the nonprofit organization Objective-See, stated at a recent DefCon event that a flaw in Zoom’s automatic update tool could allow hackers to infiltrate Mac computers. He explained that when this tool runs an update, it looks for a signing certificate – or a unique digital verification code – that matches Zoom.
Since automatic updates do not require a password to be installed, Wardle says hackers could create packages that mimic Zoom’s signing certificate to install malicious files or programs onto users’ Macs. This could allow them to completely take over the device to delete files, steal passwords, or alter documents.
Get the latest version of Zoom
Wardle initially told Zoom about his findings back in December, which prompted the company to create a fix for the issue. Unfortunately, that fix reportedly included a bug that still allowed the automatic updater vulnerability to be effective.
Following Wardle’s DefCon presentation, Zoom issued a new patch under update 5.11.5 (9788). Mac users should download this update immediately to protect themselves from hackers.