Skip to main content
  1. Home
  2. Computing
  3. News

Zoom just fixed a major security flaw on Mac. Here’s why you should update now

By

If you have Zoom installed on your MacBook, you’ll want to update the app right now. Zoom spent the weekend patching a major security flaw in its Mac app, and the update is available right now.

According to The Verge, it all began at Def Con, a computer security and hacker conference in Las Vegas. The founder of the security non-profit Objective-See and an ex-NSA security analyst, Patrick Wardle, took to the stage on Friday and presented a stunning find: a massive security vulnerability in the Zoom installer for MacBooks.

The Logitech Brio 4K Pro attached to a Macbook.
Image used with permission by copyright holder

The exploit allowed a threat actor to take control of someone’s Mac through the Zoom app, right down to the root level of the machine. The Zoom package installer used a weak security certificate test and any file with the same name as the official Zoom package could easily bypass the test. At this level, the MacBook recognizes the hacker as a “superuser” who can then read, change or create any file, including adding other malware to the system.

Recommended Videos

Frustratingly, Wardle had discovered the security threat back in December and had informed Zoom of his findings. Wardle said Zoom didn’t take him seriously and released a patch after a month, which contained another security bug. He informed Zoom of this second bug, and more importantly, of the first bug not being fixed. Zoom sat on it.

Related

Wardle decided to go public with his findings at Def Con. He had followed responsible disclosure protocols, which gives companies time to fix bugs, and after eight months of inaction, he felt he had to warn others. Zoom released a small patch a few weeks before the conference but Wardle said the vulnerability was still present.

This isn’t the first time Zoom has been criticized for lax security. In 2020 Wardle discovered a Mac vulnerability in Zoom which allowed cameras and microphones to be hijacked. Zoom was also found to have been sending user data to Facebook, and then the US Department of Justice filed charges against a Zoom executive for collusion with the Chinese government.

Zoom spent the weekend working on a new patch following Wardle’s presentation, and it is now available. Version 5.11.5 is a free update for Mac-based Zoom installs and is available now.

If you would prefer to use a different video conferencing platform, check out our handy guide to Microsoft Teams.

Editors’ Recommendations

Topics
Nathan Drescher
Nathan Drescher
Former Digital Trends Contributor
Nathan Drescher is a freelance journalist and writer from Ottawa, Canada. He's been writing about technology from around the…
Why you should buy a MacBook Air instead of a MacBook Pro
The MacBook Air on a table in front of a window.

The MacBook Air has officially caught up. Now with the M3 on board, the MacBook Air has gained the benefits of the new chip, which was previously available just on the MacBook Pro and iMac.

Choosing between the M3 15-inch MacBook Air and the 14-inch MacBook Pro is tough, and requires an in-depth look at differences in ports, displays, speakers, and more. It's a legitimately hard decision to make.

Read more
I needed to buy a new MacBook. Here’s why I bought a power bank instead
Baseus Blade 2 65W power bank for laptops kept on a green couch.

I rely on a 13-inch MacBook Pro from 2020 for most of my work. Despite its age and being a base variant model, it continues to stack up well against my expectations for all these years.

Since MacBooks are known for longevity, the fact that my MacBook Pro still holds up well a few years later shouldn't sound surprising. However, the first signs of aging recently arrived in the form of a warning about the battery's plummeting health. I was already dreading the idea of having to replace what was otherwise a perfectly good laptop.

Read more
The MacBook Air M3 has one change that fixes its biggest flaw
The screen of the MacBook Air M2.

With surprisingly little fanfare — no spring event this time — Apple has dropped an update to the MacBook Air a bit sooner than expected. The incredibly thin MacBook Air 13- and 15-inch models both received updates to the Apple Silicon M3 chipsets, but that's not all.

There's one surprising new feature in the mix that could make a big difference in purchasing decisions: support for multiple monitors with the display closed. As this was the major complaint of the previous MacBook Air, this change is a pretty big deal. While it still supports only a total of two screens, it's a positive change for those that want to connect to two large, external monitors for work.

Read more