Security researcher reveals Zoom flaws that could’ve allowed attackers to take over your Mac
Zoom’s automatic update option can help users ensure that they have the latest, safest version of the video conferencing software, which has had multiple privacy and security issues over the years. At this year’s DefCon, however, a Mac security researcher reported vulnerabilities he found in the tool that attackers could have exploited to gain full control of a victim’s computer. According to Wired, Patrick Wardle presented two vulnerabilities during the conference. He found the first one in the app’s signature check, which certifies the integrity of the update being installed and examines it to make sure that it’s a new version of Zoom. In other words, it’s in charge of blocking attackers from tricking the automatic update installer into downloading an older and more vulnerable version of the app.
Wardle discovered that attackers could bypass the signature check by naming their malware file a certain way. And once they’re in, they could get root access and control the victim’s Mac. The Verge says Wardle disclosed the bug to Zoom back in December 2021, but the fix it rolled out contained another bug. This second vulnerability could have given attackers a way to circumvent the safeguard Zoom set in place to make sure an update delivers the latest version of the app. Wardle reportedly found that it’s possible to trick a tool that facilitates Zoom’s update distribution into accepting an older version of the video conferencing software.
Zoom already fixed that flaw as well, but Wardle found yet another vulnerability, which he also presented at the conference. He discovered that there’s a window of time between the auto-installer’s verification of a software package and the actual installation process that allows an attacker to inject malicious code into the update. A downloaded package meant for installation can apparently retain its original read-write permissions, allowing any user to modify it. That means even users without root access could swap its contents with malicious code and gain control of the target computer.
The company told The Verge that it’s now working on a patch for the new vulnerability Wardle has disclosed. As Wired notes, though, attackers need to have existing access to a user’s device to be able to exploit these flaws. Even if there’s no immediate danger for most people, Zoom advises users to “keep up to date with the latest version” of the app whenever one comes out.
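The gap between verification and installation described above is a time-of-check/time-of-use problem. The following is an added example, not code from the article or from Zoom, of the usual defence: copy the package into a private directory, hash the bytes as they are copied, and install only from that copy. A SHA-256 digest stands in for the signature check, and the function names, file names and package bytes are constructed for illustration.

```python
import hashlib, hmac, os, stat, tempfile

def writable_by_others(path):
    """True if the file or its directory is group- or world-writable."""
    bits = stat.S_IWGRP | stat.S_IWOTH
    parent = os.path.dirname(os.path.abspath(path))
    return any(bool(os.lstat(p).st_mode & bits) for p in (path, parent))

def stage_and_verify(src, expected_sha256):
    """Copy src to a private, read-only file and verify the copied bytes.

    The digest is computed over exactly the bytes written to the staged
    copy, so a later change to src cannot affect what gets installed.
    """
    staging = tempfile.mkdtemp(prefix="pkg-stage-")  # created with mode 0700
    dst = os.path.join(staging, "update.pkg")
    digest = hashlib.sha256()
    src_fd = os.open(src, os.O_RDONLY | os.O_NOFOLLOW)  # refuse symlinks
    dst_fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)
    with os.fdopen(src_fd, "rb") as fin, os.fdopen(dst_fd, "wb") as fout:
        for chunk in iter(lambda: fin.read(65536), b""):
            digest.update(chunk)
            fout.write(chunk)
    if not hmac.compare_digest(digest.hexdigest(), expected_sha256):
        os.remove(dst)
        os.rmdir(staging)
        raise ValueError("package digest mismatch")
    return dst  # the installer must read this path, never src

def demo():
    """Constructed scenario: a download left writable, swapped after the check."""
    original = b"constructed package bytes"
    pkg = os.path.join(tempfile.mkdtemp(), "download.pkg")
    with open(pkg, "wb") as f:
        f.write(original)
    os.chmod(pkg, 0o666)  # the risky state: any local user can modify it
    staged = stage_and_verify(pkg, hashlib.sha256(original).hexdigest())
    with open(pkg, "wb") as f:  # the swap lands on the download only
        f.write(b"swapped after verification")
    with open(staged, "rb") as f:
        return writable_by_others(pkg), writable_by_others(staged), f.read()

if __name__ == "__main__":
    print(demo())
```

The staging directory only protects the copy if it is created by the privileged installer process, so that unprivileged users cannot write into it.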
Obscurant’s Mesmerizing Take on Mimicry Looks Like Nothing I’ve Seen Before
Ethereum: Should ETH traders take long bets with tentative Merge date
New Findings Show Institutional Investors Take More Interest In Ethereum
Crypto Biz: A Futurist take on crypto
The 2022 Blockchain Futurist conference in Toronto, Canada wrapped up this week. DeFi and institutional adoption of crypto were high on the agenda.
1xBit Will Take You on a Journey With Around the World Adventure Tournament
Gotham Knights new details show a unique take on Batman’s Gotham City
Gotham Knights, the new open-world game from Arkham Origins developer Warner Bros. Montreal, set to release in October, has a very different take on Batman’s Gotham City, offering a more storied and historic version of the crime-ridden metropolis than Christopher Nolan’s Dark Knight trilogy, or the Matt Reeves and Robert Pattinson-helmed The Batman.
Institutional staking won’t take off unless asset lock-up solved: Coinbase CFO
Coinbase’s new institutional-focused staking product won’t be a “near-term phenomenon” while liquid staking is still being worked out.