Zoom users need to install an urgent update or hackers could take control of their system, the company has warned.
The latest update fixes a critical vulnerability in the Mac version of the app that meant that a security hole in Zoom could be used to gain access to a user’s system.
The problem was discovered by security researcher Patrick Wardle, who noted that a bug was present in the app’s installer. Because that requires special permissions to be able to change files on the system, any bug could be seized by hackers to get access to those permissions – and from there the system more broadly.
It would be used by fooling Zoom itself to make the app believe that an update was legitimate. However, that update would actually include the files that would allow a hacker to make their attack.
Mr Wardle reported the attacks at the Def Con security conference last week, and the update has just rolled out. “Mahalos to Zoom for the (incredibly) quick fix!” he said in a tweet, in which he noted the app had been updated to “prevent malicious subversion”.
The fix is now present in the latest version of the app – numbered 5.11.5 – which should be installed as soon as possible by users to avoid being hit by the problem.
The new version can be installed by opening up the Mac app and then pressing on the “zoom.us” in the top left corner of the screen. The option to check for updates should appear, and that process will then install any updates, showing information on which version will be installed and what has changed.