Before you log into Zoom to start your next video call, you should take a few minutes before you join to update your app. Zoom recently released a security patch for a major hole that could let a hacker take over your whole machine.
The vulnerability, discovered by Patrick Wardle of the Objective-See Foundation, involves Zoom’s automatic updater, which works as a root user and doesn’t require a user password. When the updater runs, it checks to see if the software updates are signed by Zoom, but Wardle discovered that it was only checking if the file has the same name as the signing certificate. A hacker could then use a different package with the same name as the certificate to gain access to the Mac.
Wardle presented his findings at the DefCon event last week, and his presentation is available for viewing online. Zoom responded by releasing the 5.11.5 (9788) update, which patches the flaw, but it’s actually the second attempt at a fix. In December, Wardle told Zoom about the vulnerability and the company issued a fix, but the fix had a bug that allowed the vulnerability to still be effective.
Zoom has a checkered security history. In the past, it has had problems with unauthorized microphone access, a lack of encryption, and meetings being invaded by unauthorized users. Zoom has fixed those problems with updates.
Update 8/18/22: Apparantly, the 5.11.5 (9788) update did not completely resolve the problem. Zoom has issued another update that seems to provide a fix. (Third time’s the charm?) Update 5.11.6 (9098) is now available.
How to update Zoom
Zoom may automatically update when you launch the app, but it may not install the latest version (this happened to me), which is 5.11.6 (9098). To check the version, launch Zoom and click on zoom.us > About Zoom. If you don’t have the latest version, you’ll need to update it manually. Here’s how.
At a glance
Time to complete: 5 minutes
Tools required: internet connection
Materials required: Zoom Mac app
Manually check for updates
Click on the zoom.us menu and select Check for Updates.
Install the update
Zoom will see what updates are available. You should see the 5.11.6 (9890) update, and you can read the release notes. Click on Install to proceed.
A progress window will appear during the installation, which will take a few minutes, depending on your internet connection. Zoom will relaunch and you should see an alert that says you’ve installed the latest version. You can now use Zoom as usual.