Skip to main content

Zoom just fixed a major security flaw on Mac. Here’s why you should update now

If you have Zoom installed on your MacBook, you’ll want to update the app right now. Zoom spent the weekend patching a major security flaw in its Mac app, and the update is available right now.

According to The Verge, it all began at Def Con, a computer security and hacker conference in Las Vegas. The founder of the security non-profit Objective-See and an ex-NSA security analyst, Patrick Wardle, took to the stage on Friday and presented a stunning find: a massive security vulnerability in the Zoom installer for MacBooks.

The Logitech Brio 4K Pro attached to a Macbook.
Image used with permission by copyright holder

The exploit allowed a threat actor to take control of someone’s Mac through the Zoom app, right down to the root level of the machine. The Zoom package installer used a weak security certificate test and any file with the same name as the official Zoom package could easily bypass the test. At this level, the MacBook recognizes the hacker as a “superuser” who can then read, change or create any file, including adding other malware to the system.

Frustratingly, Wardle had discovered the security threat back in December and had informed Zoom of his findings. Wardle said Zoom didn’t take him seriously and released a patch after a month, which contained another security bug. He informed Zoom of this second bug, and more importantly, of the first bug not being fixed. Zoom sat on it.

Wardle decided to go public with his findings at Def Con. He had followed responsible disclosure protocols, which gives companies time to fix bugs, and after eight months of inaction, he felt he had to warn others. Zoom released a small patch a few weeks before the conference but Wardle said the vulnerability was still present.

This isn’t the first time Zoom has been criticized for lax security. In 2020 Wardle discovered a Mac vulnerability in Zoom which allowed cameras and microphones to be hijacked. Zoom was also found to have been sending user data to Facebook, and then the US Department of Justice filed charges against a Zoom executive for collusion with the Chinese government.

Zoom spent the weekend working on a new patch following Wardle’s presentation, and it is now available. Version 5.11.5 is a free update for Mac-based Zoom installs and is available now.

If you would prefer to use a different video conferencing platform, check out our handy guide to Microsoft Teams.

Editors' Recommendations

Nathan Drescher
Nathan Drescher is a freelance journalist and writer from Ottawa, Canada. He's been writing about technology from around the…
DuckDuckGo’s new browser could help keep Mac users safe on the web
DuckDuckGo is a privacy-first web browser.

DuckDuckGo is a relatively well-known alternative to the dominant Google search engine but it also makes a DuckDuckGo web browser for iPhone and Android phones that places your privacy and security first. Now the DuckDuckGo browser is available for your Mac computer as a public beta.

The top feature of DuckDuckGo's browser has always been a convenient Fire button in the upper right corner of every window that burns up browser history, cookies, web caches, and visited URLs keeping your privacy safe with a single click, even on a shared computer. Many more features than that have been added. Duck Player is included and prevents YouTube from using ad tracking, cookies, and recommended videos. DuckDuckGo email is similar to Apple's Hide My Email, providing an @duck.com address that redirects to your actual account and which can easily be switched off if overrun with spam.

Read more
Update your Mac now to patch this crucial security flaw
The MacBook Air on a table in front of a window.

Apple just released another critical security update with the zero-day fixes appearing in MacOS Monterey 12.6 and Big Sur 11.7. The vulnerability even affects the iPhone and iPad, requiring an update to iOS 15.7 and iPadOS 15.7 to protect these devices.

This is the eighth zero-day this year, putting Apple on track to beat last year's unfortunate record of 12 zero-day flaws.

Read more
Here’s why you need to update your Google Chrome right now
Google Chrome opened on a laptop.

Google has just released a new version of Chrome, and it's crucial that you get your browser updated as soon as possible.

The patch was deployed to fix a major zero-day security flaw that could potentially pose a risk to your device. The latest update is now available for Windows, Mac, and Linux -- here's how to make sure your browser is safe.

Read more