The exploit is blocked in version 5.11.5 of the Zoom app for macOS, and affected users should make the update immediately. The vulnerability got a CVSS score of 8.8 on the company’s security bulletin (opens in new tab), denoting it of “high” severity. It marks a quick turnaround for Zoom’s developers, as the bug was only exposed at the DEF CON hacking conference on Friday (August 12). The security researcher who found the weakness, Patrick Wardle, was certainly impressed, tweeting (opens in new tab): “Mahalos to @Zoom for the (incredibly) quick fix!” The Verge (opens in new tab), which attended the event last week, has more details on the now-defanged vulnerability, which targeted the installer of the Zoom application. Wardle found that while the installer required a Mac owner to enter a password for installations, the auto-update function ran in the background with superuser privileges. The updater would check that updates officially distributed by the developers had been cryptographically signed. But Wardle discovered that feeding the updater any file with the same credentials would fool it, allowing malicious types to substitute malware of their choosing to run on a Mac with Zoom open. That loophole is now, thankfully, closed. Wardle followed up on his congratulatory tweet by explaining exactly how Zoom had made the fix (opens in new tab).  “Reversing the patch, we see the Zoom installer now invokes lchown to update the permissions of the update .pkg, thus preventing malicious subversions,” he explained — accompanied with a padlock and thumbs up emoji, suggesting this gets the Wardle seal of approval. To update Zoom on your Mac, load it up and then click zoom.us (or whatever your geographical equivalent is) from the menu bar at the top of the screen. Select “Check for updates” and Zoom should pop open a window giving you the details of what’s included. Click “Update” and your download will begin. Once you’re all updated, don’t forget to check out our guides to the best free Zoom backgrounds, how to get Snapchat filters on Zoom and our overall page on how to use Zoom.

Zoom flaw allows hackers to take over your Mac   update right now - 86Zoom flaw allows hackers to take over your Mac   update right now - 85Zoom flaw allows hackers to take over your Mac   update right now - 79Zoom flaw allows hackers to take over your Mac   update right now - 10Zoom flaw allows hackers to take over your Mac   update right now - 92