Jul 09, 2019: Video conferencing provider Zoom has pushed out an emergency patch to address the zero-day vulnerability for Mac users that could potentially expose.
Jul 13, 2020: Zoom accounts sold on hacker forums. Cybersecurity firm Cyble, which was able to purchase 530,000 Zoom credentials for less than a penny each at $0.0020 per account, said the Zoom accounts began.
Jul 09, 2019: The Zoom app is designed to seamlessly let businesses hold video conference meetings by clicking on a web link. But the same feature can also be abused by hackers to spy on Mac.
Zoom, the popular video call service, has had a number of privacy and security issues over the years, and we’ve seen several very recently as Zoom has seen usage skyrocket during the coronavirus pandemic. Now two new bugs have been discovered that allow hackers to take control of Macs including the webcam, microphone, and even full root access.
Update 4/2: Zoom has issued an apology for its privacy and security gaffes, patched these two most recent Mac bugs, and laid out a plan for the next 90 days to improve the service.
But if you’re still wanting to switch to another option, check out our roundup of 10 Zoom alternatives here.
Reported by TechCrunch, the new flaws were discovered by ex-NSA hacker Patrick Wardle, now principal security researcher at Jamf, who detailed his findings on his blog Objective-See.
Wardle goes through a history of Zoom’s privacy and security issues like the webcam hijacking we saw last summer, the calls not actually being end-to-end encrypted as the company claims, the iOS app sending user data to Facebook, and more.
That brings us to today. Wardle’s new bug discoveries mean Macs are vulnerable to webcam and mic takeover again, in addition to an attacker gaining root access to a Mac. It does have to be a local attack, but the bug makes it relatively easy for an attacker to gain total control in macOS through Zoom.
As such, today when Felix Seele also noted that the Zoom installer may invoke the AuthorizationExecuteWithPrivileges API to perform various privileged installation tasks, I decided to take a closer look. Almost immediately I uncovered several issues, including a vulnerability that leads to a trivial and reliable local privilege escalation (to root!).
Wardle describes the entire process in technical detail if you’re interested but the flaw comes down to this:
To exploit Zoom, a local non-privileged attacker can simply replace or subvert the runwithroot script during an install (or upgrade?) to gain root access.
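A defender-side check for the condition described above, as an added example that is not from the article or from Wardle's write-up: it walks a helper script's path and reports every component an unprivileged user could modify before the script is run as root. The function name and the directory layout are hypothetical; only the `runwithroot` file name comes from the page.

```python
import os
import stat
import tempfile


def audit_privileged_path(path, trusted_uids=(0,)):
    """Return (path, problem) findings for a file that will be executed as root.

    The file and every ancestor directory must be owned by a trusted uid and
    must not be group/other writable; otherwise a local unprivileged user can
    replace the file, or swap a directory above it, before it runs.
    """
    findings = []
    if os.path.islink(path):
        findings.append((path, "is a symlink"))
    current = os.path.realpath(path)  # ancestors are checked on the resolved path
    while True:
        st = os.stat(current)
        if st.st_uid not in trusted_uids:
            findings.append((current, f"owned by uid {st.st_uid}"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            findings.append((current, f"group/other writable (mode {mode:04o})"))
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            return findings
        current = parent


def demo():
    """Constructed layout: the same script in a weak and a hardened staging dir."""
    me = os.getuid()  # assumption: stands in for root so the demo runs unprivileged
    results = {}
    with tempfile.TemporaryDirectory() as base:
        base = os.path.realpath(base)
        for name, dir_mode in (("weak", 0o777), ("hardened", 0o755)):
            staging = os.path.join(base, name)
            os.mkdir(staging)
            os.chmod(staging, dir_mode)
            script = os.path.join(staging, "runwithroot")
            with open(script, "w") as fh:
                fh.write("#!/bin/sh\n")
            os.chmod(script, 0o755)
            found = audit_privileged_path(script, trusted_uids=(0, me))
            # Report only the constructed tree, not system ancestors such as /tmp.
            results[name] = [(os.path.relpath(p, base), why)
                             for p, why in found if p.startswith(base)]
    return results


if __name__ == "__main__":
    print(demo())
```

The check is a point-in-time audit; an installer that validates and then executes the path still has to close the window between the two, for example by running the script from a root-owned location.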
Then, a second flaw Wardle discovered allows hackers to access a Mac’s camera and mic and even record the screen, all without a user prompt.
Unfortunately, Zoom has (for reasons unbeknown to me), a specific “exclusion” that allows malicious code to be injected into its process space, where said code can piggy-back off Zoom’s (mic and camera) access! This gives malicious code a way to either record Zoom meetings, or worse, access the mic and camera at arbitrary times (without the user access prompt)!
Zoom didn’t respond to TechCrunch after a request for comment. With the millions of people using Zoom with the current global health crisis, hopefully, we see a fix real fast!