Home / Mac / News
Updated

Update: Zoom pushes another Mac update to fix critical security flaw

Here's how to update Zoom before your next meeting.
Roman Loyola
By Roman Loyola
Senior Editor, Macworld AUG 18, 2022 10:58 am PDT
using Mac laptop for video call
Image: IDG

Before you log into Zoom to start your next video call, you should take a few minutes before you join to update your app. Zoom recently released a security patch for a major hole that could let a hacker take over your whole machine.

The vulnerability, discovered by Patrick Wardle of the Objective-See Foundation, involves Zoom’s automatic updater, which works as a root user and doesn’t require a user password. When the updater runs, it checks to see if the software updates are signed by Zoom, but Wardle discovered that it was only checking if the file has the same name as the signing certificate. A hacker could then use a different package with the same name as the certificate to gain access to the Mac.

Wardle presented his findings at the DefCon event last week, and his presentation is available for viewing online. Zoom responded by releasing the 5.11.5 (9788) update, which patches the flaw, but it’s actually the second attempt at a fix. In December, Wardle told Zoom about the vulnerability and the company issued a fix, but the fix had a bug that allowed the vulnerability to still be effective.

Zoom has a checkered security history. In the past, it has had problems with unauthorized microphone access, a lack of encryption, and meetings being invaded by unauthorized users. Zoom has fixed those problems with updates.

Update 8/18/22: Apparantly, the 5.11.5 (9788) update did not completely resolve the problem. Zoom has issued another update that seems to provide a fix. (Third time’s the charm?) Update 5.11.6 (9098) is now available.

How to update Zoom

Zoom may automatically update when you launch the app, but it may not install the latest version (this happened to me), which is 5.11.6 (9098). To check the version, launch Zoom and click on zoom.us > About Zoom. If you don’t have the latest version, you’ll need to update it manually. Here’s how.

At a glance
  • Time to complete: 5 minutes
  • Tools required: internet connection
  • Materials required: Zoom Mac app
1.

Manually check for updates

Zoom Mac check updates

Foundry

Click on the zoom.us menu and select Check for Updates.

2.

Install the update

Zoom update

Zoom

Zoom will see what updates are available. You should see the 5.11.6 (9890) update, and you can read the release notes. Click on Install to proceed.

3.

Zoom restarts

Zoom update notification

Foundry

A progress window will appear during the installation, which will take a few minutes, depending on your internet connection. Zoom will relaunch and you should see an alert that says you’ve installed the latest version. You can now use Zoom as usual.

, Senior Editor

Roman has covered technology since the early 1990s. His career started at MacUser, and he's worked for MacAddict, Mac|Life, and TechTV.

Recent stories by Roman Loyola: