The latest update for Zoom on Mac includes a fix for a dangerous security flaw that could allow hackers to take control of your Mac.
Zoom users on Mac should update to the latest version of the app after the company released a patch to fix a security flaw that could allow an attacker to take over their computers. Zoom was recently found to have a bug in its Mac client that allowed hackers to gain remote access to users’ systems. Now, the company has rolled out an update for its macOS app that fixes the vulnerability without affecting the app’s auto-update features.
Zoom Mac update in August 2022
Last week, Zoom acknowledged the flaw, which was discovered by Patrick Wardle, a security researcher and founder of the Objective-See Foundation, a nonprofit that makes open-source security tools for macOS. Wardle first found the flaw and presented it at the Def Con hacking conference last week. The exploit targets the Zoom installer, which requires special user permissions to run. By exploiting this tool, hackers can trick users into installing malware by putting Zoom’s cryptographic signature on it. Once the malware is installed, attackers can gain control of the user’s system, allowing them to modify, delete, or add files on the device.
With the 5.11.5 Zoom Mac update in August 2022, Zoom fixed this vulnerability. Users can download the 5.11.5 security update for Zoom by opening the app on their macOS device and then going to zoom.us in the menu bar at the top of the screen. There, users can check for updates, and if one is available, Zoom will display a window with the latest version of the app, along with details of what’s changing. Users can then select Update to start downloading the new version.
Security Update for Zoom
Normally, the company tries to keep this process safe by restricting the installer to working only with code that has been cryptographically signed by Zoom. But the flaw discovered by Wardle means an attacker could trivially bypass this protection and convince the installer to load and run whatever malware they want.
This isn’t the first time Zoom’s focus on frictionless usage has led to a security hole. In April 2020, when pandemic telecommuting led to a 500% increase in daily traffic on Zoom’s download page, some critics said the company’s software was a “privacy disaster” and even malware.
The company’s desire to be the easiest way to connect to video calls has led it to try to bypass the security measures that protect a user’s computer. In 2019, Zoom notoriously installed a hidden web server on users’ devices to try to enable one-click call joining, while in 2020 a bug was discovered that allowed attackers to turn Macs into remote spying devices. Zoom also claimed to use end-to-end encryption to protect calls, before admitting it did no such thing.