Zoom for macOS updates and removes root access exploit

The zoom app updates on macOS

A few days ago, a flaw was discovered in the installer of the Zoom communication application that could allow some users to have root access. With that attackers could gain access to the entire operating system. However, it seems that everything is finally under control, thanks to a new application update that has resolved the problem. Since the pandemic, Zoom is one of the most used applications to keep in touch with family and professionals with whom we could not meet in person. That is why it is so important that it has been solved, although not very quickly.

A security researcher discovered a flaw in the Zoom app installer for macOS that could allow attackers to gain root access and control the entire operating system. This researcher, Patrick Wardle, who worked for the NSA, shared his findings in a presentation at the Defcon conference in Las Vegas last Friday. It explains that the attack works by taking advantage of the Zoom installer for macOS, which requires special user permissions in order to install or uninstall Zoom from a Mac. More specifically, Wardle discovered that the installer has an automatic update feature that continues running in the background with elevated privileges. An attacker could trick the updater into thinking a malicious file was signed by Zoom.

Before making it public at the conference, the company was already notified privately, that was in December and although it has tried to correct the problem since then, it has not been until now, that it seems that it has finally been solved. The company in charge of managing Zoom, has released a patch that fixes the auto-update feature which could grant macOS root privileges to an attacker.

The content of the article adheres to our principles of editorial ethics. To report an error click here.

Be the first to comment

Leave a Comment

Your email address will not be published. Required fields are marked with *



  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.