Zoom patches a major vulnerability again after the last fix was circumvented.
A macOS security expert was able to bypass the fix that was released just last weekend.
Zoom users on Mac need to upgrade once more.
This week, Zoom corrected a flaw in its Mac auto-update tool that could grant malicious users root access. On Wednesday, Zoom released a follow-up patch, indicating that the initial fix had been circumvented.
Zoom users on macOS should install and use version 5.11.6 (9890), released on August 17. You can also check for updates from Zoom's menu bar. If you wait for an automatic update while this issue is publicly known, you might have to wait days.
Csaba Fitzl, a macOS security researcher at Offensive Security also known as theevilbit, disclosed that Zoom's remedy was insufficient. The day before Fitzl tweeted about it, Zoom had credited Fitzl in its security bulletin (ZSB-22019) and released a patch.
Zoom’s patch was… 🤔… incomplete, I managed to bypass it 🤪
So, please update to 5.11.6. https://t.co/Ok2OwmEHBF
— Csaba Fitzl (@theevilbit) August 18, 2022
Neither Fitzl nor Zoom explained how Fitzl was able to get around the patch for the flaw, which was first identified by Patrick Wardle, the creator of the Objective-See Foundation. At Def Con last week, Wardle described how Zoom's auto-update utility retains its privileged status in order to install Zoom packages, yet can be tricked into checking other packages. As a result, bad actors might use it to downgrade Zoom in order to exploit older vulnerabilities on the system, or even to acquire root access.