Wardle is a former US National Security Agency hacker and founder of the Objective-See Foundation, a non-profit that develops open-source MacOS security tools. pkg, thus preventing malicious subversion.” “Reversing the patch, we see the Zoom installer now invokes lchown to update the permissions of the update. “Mahalos to Zoom for the (incredibly) quick fix!” Wardle tweeted yesterday (14 August) after Zoom released the update. Slides with full details & PoC exploit: #0day /9dW7DdUm7P Was stoked to talk about (& live-demo □) a local priv-esc vulnerability in Zoom (for macOS). Mahalo to everybody who came to my talk "You're M̶u̶t̶e̶d̶ Rooted" □□ Zoom released the patch soon after Wardle explained to the conference audience how easy it was to access a user’s system using the vulnerability, gaining access to permissions such as modifying, deleting and adding files on the device. The flaw was revealed by Mac security researcher Patrick Wardle at Def Con, one of the world’s largest hacking conferences, held in Las Vegas last week. In a security bulletin update on Saturday (13 August), Zoom said version 5.7.3 to version 5.11.3 of its MacOS app contains a vulnerability in the auto-update process that can be exploited by a local low-privileged user to “escalate their privileges to root”. Zoom has issued a patch for a serious security flaw in its MacOS app that could allow a hacker to take control of a user’s operating system. First revealed by security researcher Patrick Wardle, certain versions of Zoom for MacOS contained a vulnerability that could give hackers root privileges.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |