Skip to main content
  1. Home
  2. Computing
  3. News

Zoom just fixed a major security flaw on Mac. Here’s why you should update now

By
Add as a preferred source on Google

If you have Zoom installed on your MacBook, you’ll want to update the app right now. Zoom spent the weekend patching a major security flaw in its Mac app, and the update is available right now.

According to The Verge, it all began at Def Con, a computer security and hacker conference in Las Vegas. The founder of the security non-profit Objective-See and an ex-NSA security analyst, Patrick Wardle, took to the stage on Friday and presented a stunning find: a massive security vulnerability in the Zoom installer for MacBooks.

The Logitech Brio 4K Pro attached to a Macbook.
Image used with permission by copyright holder

The exploit allowed a threat actor to take control of someone’s Mac through the Zoom app, right down to the root level of the machine. The Zoom package installer used a weak security certificate test and any file with the same name as the official Zoom package could easily bypass the test. At this level, the MacBook recognizes the hacker as a “superuser” who can then read, change or create any file, including adding other malware to the system.

Recommended Videos

Frustratingly, Wardle had discovered the security threat back in December and had informed Zoom of his findings. Wardle said Zoom didn’t take him seriously and released a patch after a month, which contained another security bug. He informed Zoom of this second bug, and more importantly, of the first bug not being fixed. Zoom sat on it.

Wardle decided to go public with his findings at Def Con. He had followed responsible disclosure protocols, which gives companies time to fix bugs, and after eight months of inaction, he felt he had to warn others. Zoom released a small patch a few weeks before the conference but Wardle said the vulnerability was still present.

This isn’t the first time Zoom has been criticized for lax security. In 2020 Wardle discovered a Mac vulnerability in Zoom which allowed cameras and microphones to be hijacked. Zoom was also found to have been sending user data to Facebook, and then the US Department of Justice filed charges against a Zoom executive for collusion with the Chinese government.

Zoom spent the weekend working on a new patch following Wardle’s presentation, and it is now available. Version 5.11.5 is a free update for Mac-based Zoom installs and is available now.

If you would prefer to use a different video conferencing platform, check out our handy guide to Microsoft Teams.

Nathan Drescher
Nathan Drescher
Former Computing Writer
Nathan Drescher is a freelance journalist and writer from Ottawa, Canada. He's been writing about technology from around the…
Topics
Gemini will now take notes for you in Google Meet for you, if you the minimum $20 AI tax
Yet another Google subscription just dropped for Gemini
Google Meet Take Notes for me Gemini

Google has just released a useful Gemini feature, which you can try if you are a paying member of course. The company is now bringing "Take notes for me" for Gemini, which will be available in Google Meet for Google AI Pro and Google AI Ultra subscribers, along with eligible Workspace business customers.

For personal users, the feature starts with Google AI Pro, which costs $19.99 per month in the US. In other words, Gemini can now take your Google Meet notes, provided you pay the minimum AI tax.

Read more
After iPad Pro and MacBook Pro, the iMac could be the next in line for an OLED screen upgrade
iMac with M4

The iPhone got an OLED panel in 2017, while the iPad Pro followed in 2024. Even the MacBook Pro is expected to follow later this year or early next year. But what about the iMac?

According to TrendForce, the iMac could get an OLED upgrade. There's no timeline yet, but the direction is clear. Apple wants to replace its current display technologies with OLED, raising the bar for color quality for both regular users and professionals.

Read more
This $1,299 gaming PC wants to be a Steam Machine without waiting for Valve
Valve’s Steam Machine dream is already real in MetaPC's new prebuilt
MetaPC's Steamroller is a new Steam Machine rival

Valve’s Steam Machine may be the face of SteamOS, but the platform isn't exclusive to it. A big announcement after Steam Machine's unveiling was that SteamOS would be arriving on systems outside of the new hybrid console. Now, MetaPCs is one of the first to take advantage of this by opening the preorders for the Steamroller, a new prebuilt gaming desktop that ships with SteamOS installed by default.

Though Steamroller is not trying to be a tiny console-like cube. It is a normal desktop PC with standard parts and a real upgrade path. The system costs $1,299 and is listed with a preorder date of July 3, 2026.

Read more