Every day, a new Zoom security or privacy issue emerges. At least, that’s the way it seems during the COVID-19 crisis as an increasing number of people use the Zoom video conferencing app while working from home.
Soon after a security problem was disclosed that could allow attackers to steal Windows passwords, another researcher has identified two issues that can be used to take over a Zoom user’s Mac–and the microphone and webcam, according to TechCrunch.
The two bugs found by security researcher Patrick Wardle can be used by a local attacker able to gain physical control of a vulnerable Mac. By exploiting the bugs, the adversary can gain access to your computer and install malware or spyware, he wrote in a blog published today.
The first bug is based on another finding by @c1truz_, technical lead at a U.S. threat detection firm called VMRay. He said earlier this week on Twitter: “Ever wondered how the @zoom_us macOS installer does its job without you ever clicking install? Turns out they (ab)use preinstallation scripts, manually unpack the app using a bundled 7zip and install it to /Applications if the current user is in the admin group (no root needed).”