{"id":49457,"date":"2022-08-18T21:20:47","date_gmt":"2022-08-18T21:20:47","guid":{"rendered":"https:\/\/harchi90.com\/zoom-patches-critical-vulnerability-again-after-prior-fix-was-bypassed\/"},"modified":"2022-08-18T21:20:47","modified_gmt":"2022-08-18T21:20:47","slug":"zoom-patches-critical-vulnerability-again-after-prior-fix-was-bypassed","status":"publish","type":"post","link":"https:\/\/harchi90.com\/zoom-patches-critical-vulnerability-again-after-prior-fix-was-bypassed\/","title":{"rendered":"Zoom patches critical vulnerability again after prior fix was bypassed"},"content":{"rendered":"<div itemprop=\"articleBody\">\n<figure class=\"intro-image intro-left\">\n  <figcaption class=\"caption\">\n<div class=\"caption-text\">enlarge <span class=\"sep\">\/<\/span> A critical vulnerability in Zoom for MacOS, patched once last weekend, could still be bypassed as of Wednesday.  Users should update again.<\/div>\n<p>Getty Images<\/p>\n<\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\">\n<\/aside>\n<p><!-- cache hit 748:single\/related:6c150daedccc93ce12b1207b30701225 --><!-- empty --><\/p>\n<p>It&#8217;s time for Zoom users on Mac to update\u2014again.<\/p>\n<p>After Zoom patched a vulnerability in its Mac auto-update utility that could give malicious actors root access earlier this week, the video conferencing software company issued another patch Wednesday, noting that the prior fix could be bypassed.<\/p>\n<p>Zoom users on macOS should download and run version 5.11.6 (9890), released August 17. You can also check Zoom&#8217;s menu bar for updates.  Waiting for an automatic update could leave you waiting days while this exploit is publicly known.<\/p>\n<p>Zoom&#8217;s incomplete fix was reported by macOS security researcher Csaba Fitzl, aka theevilbit of Offensive Security.  Zoom credited Fitzl in its security bulletin (ZSB-22019) and issued a patch the day before Fitzl tweeted about it.<\/p>\n<p>Neither Fitzl nor Zoom detailed how Fitzl was able to bypass the fix for the vulnerability <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/patrickwardle\/status\/1558220950558035968?s=21&amp;t=82dTcApJ0PB_uUwX26H8IQ\" target=\"_blank\">first discovered by Patrick Wardle<\/a>, founder of the Objective-See Foundation.  Wardle spoke at Def Con last week about how Zoom&#8217;s auto-update utility held onto its privileged status to install Zoom packages but could be tricked into verifying other packages.  That meant malicious actors could use it to downgrade Zoom for better exploit access or even to gain root access to the system.<\/p>\n<\/p><\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>enlarge \/ A critical vulnerability in Zoom for MacOS, patched once last weekend, could still be bypassed as of Wednesday. Users should update again. Getty Images It&#8217;s time for Zoom users on Mac to update\u2014again. After Zoom patched a vulnerability in its Mac auto-update utility that could give malicious actors root access earlier this week, &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/harchi90.com\/zoom-patches-critical-vulnerability-again-after-prior-fix-was-bypassed\/\"> <span class=\"screen-reader-text\">Zoom patches critical vulnerability again after prior fix was bypassed<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[4],"tags":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":46201,"url":"https:\/\/harchi90.com\/update-zoom-for-mac-now-to-avoid-root-access-vulnerability\/","url_meta":{"origin":49457,"position":0},"title":"Update Zoom for Mac now to avoid root-access vulnerability","date":"August 15, 2022","format":false,"excerpt":"enlarge \/ A critical vulnerability in Zoom for Mac OS allowed unauthorized users to downgrade Zoom or even gain root access. It has been fixed, and users should update now.Getty Images If you're using Zoom on a Mac, it's time for a manual update. The video conferencing software's latest update\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":45819,"url":"https:\/\/harchi90.com\/zooms-latest-update-on-mac-includes-a-fix-for-a-dangerous-security-flaw\/","url_meta":{"origin":49457,"position":1},"title":"Zoom&#8217;s latest update on Mac includes a fix for a dangerous security flaw","date":"August 15, 2022","format":false,"excerpt":"Zoom has issued a patch for a bug on macOS that could allow a hacker to take control of a user's operating system (via MacRumors). In an update on its security bulletin, Zoom acknowledges the issue (CVE-2022-28756) and says a fix is \u200b\u200bincluded in version 5.11.5 of the app on\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":50672,"url":"https:\/\/harchi90.com\/apple-users-should-update-zoom-and-beware-fake-coinbase-job-postings\/","url_meta":{"origin":49457,"position":2},"title":"Apple users should update Zoom &#8212; and beware fake Coinbase job postings","date":"August 20, 2022","format":false,"excerpt":"Bad apples have given iPhone, Mac and iPad users more reasons to worry. Apple AAPL, -1.51% shared two security reports this week warning about serious vulnerabilities in some of its devices, which could allow attackers to take complete control of iPhones, iPads and Macs. Users were advised to update the\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":43744,"url":"https:\/\/harchi90.com\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/","url_meta":{"origin":49457,"position":3},"title":"The Zoom installer let a researcher hack his way to root access on macOS","date":"August 13, 2022","format":false,"excerpt":"A security researcher has found a way that an attacker could leverage the macOS version of Zoom to gain access over the entire operating system. Details of the exploits were released in a presentation given by Mac security specialist Patrick Wardle at the Def Con hacking conference in Las Vegas\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":41216,"url":"https:\/\/harchi90.com\/microsoft-patch-tuesday-august-2022-edition-krebs-on-security\/","url_meta":{"origin":49457,"position":4},"title":"Microsoft Patch Tuesday, August 2022 Edition \u2013 Krebs on Security","date":"August 10, 2022","format":false,"excerpt":"Microsoft today released updates to fix a record 141 security vulnerabilities in its windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server \u2014 including one\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"https:\/\/i0.wp.com\/krebsonsecurity.com\/wp-content\/uploads\/2022\/07\/winupdatedate.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":52431,"url":"https:\/\/harchi90.com\/google-confirms-chrome-zero-day-5-as-cve-2022-2856-attacks-begin\/","url_meta":{"origin":49457,"position":5},"title":"Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin","date":"August 22, 2022","format":false,"excerpt":"August 20 Update below. This post was originally published on August 18 If you are a Chrome browser user, be that in Windows, Mac, or Linux flavor, Google has some bad news for you. Attackers are already exploiting a high-impact security vulnerability that could lead to them gaining control of\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"fifu_image_url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2022\/08\/GettyImages-1233188561-760x380.jpg","_links":{"self":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/49457"}],"collection":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/comments?post=49457"}],"version-history":[{"count":0,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/49457\/revisions"}],"wp:attachment":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/media?parent=49457"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/categories?post=49457"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/tags?post=49457"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}