Skip to main content
  1. Home
  2. Computing
  3. News

Zoom just fixed a major security flaw on Mac. Here’s why you should update now

Nathan Drescher
By

If you have Zoom installed on your MacBook, you’ll want to update the app right now. Zoom spent the weekend patching a major security flaw in its Mac app, and the update is available right now.

According to The Verge, it all began at Def Con, a computer security and hacker conference in Las Vegas. The founder of the security non-profit Objective-See and an ex-NSA security analyst, Patrick Wardle, took to the stage on Friday and presented a stunning find: a massive security vulnerability in the Zoom installer for MacBooks.

The Logitech Brio 4K Pro attached to a Macbook.

The exploit allowed a threat actor to take control of someone’s Mac through the Zoom app, right down to the root level of the machine. The Zoom package installer used a weak security certificate test and any file with the same name as the official Zoom package could easily bypass the test. At this level, the MacBook recognizes the hacker as a “superuser” who can then read, change or create any file, including adding other malware to the system.

Related

Frustratingly, Wardle had discovered the security threat back in December and had informed Zoom of his findings. Wardle said Zoom didn’t take him seriously and released a patch after a month, which contained another security bug. He informed Zoom of this second bug, and more importantly, of the first bug not being fixed. Zoom sat on it.

Recommended Videos

Wardle decided to go public with his findings at Def Con. He had followed responsible disclosure protocols, which gives companies time to fix bugs, and after eight months of inaction, he felt he had to warn others. Zoom released a small patch a few weeks before the conference but Wardle said the vulnerability was still present.

This isn’t the first time Zoom has been criticized for lax security. In 2020 Wardle discovered a Mac vulnerability in Zoom which allowed cameras and microphones to be hijacked. Zoom was also found to have been sending user data to Facebook, and then the US Department of Justice filed charges against a Zoom executive for collusion with the Chinese government.

Zoom spent the weekend working on a new patch following Wardle’s presentation, and it is now available. Version 5.11.5 is a free update for Mac-based Zoom installs and is available now.

If you would prefer to use a different video conferencing platform, check out our handy guide to Microsoft Teams.

Editors' Recommendations

Topics
Nathan Drescher
Nathan Drescher
Computing Writer
Nathan Drescher is a freelance journalist and writer from Ottawa, Canada. He's been writing about technology from around the…
Here’s why you need to update your Google Chrome right now
Google Chrome opened on a laptop.

Google has just released a new version of Chrome, and it's crucial that you get your browser updated as soon as possible.

The patch was deployed to fix a major zero-day security flaw that could potentially pose a risk to your device. The latest update is now available for Windows, Mac, and Linux -- here's how to make sure your browser is safe.

Read more
Apple’s antivirus strategy for Mac has gone fully preemptive, but is that enough?
Security and Privacy settings open on a MacBook.

Apple made its Macs even better at fighting malware in recent years, but don't relax just yet.

A recent blog post by Howard Oakley at the Eclectic Light Company details the changes Apple has quietly made in the past six months that mark a distinct change in strategy for protecting Macs, including spots where there are still holes of vulnerability, specifically for some older Macs.

Read more
Here’s why people are saying to buy the M1 MacBook Air instead of the M2
Apple MacBook Air M1 open, on a table.

The once highly anticipated M2 MacBook Air is finally out. But despite how great the design looks, many potential buyers are instead turning to the M1 MacBook Air, a laptop that's nearly two years old.

Apple still sells it, of course, and as plenty of reviewers and commentators have pointed out, it may prove to be the better option for many people -- and there are three main reasons why.

Read more