{"id":12266,"date":"2022-08-13T14:52:51","date_gmt":"2022-08-13T14:52:51","guid":{"rendered":"https:\/\/scienceandnerds.com\/2022\/08\/13\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/"},"modified":"2022-08-13T14:52:52","modified_gmt":"2022-08-13T14:52:52","slug":"the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos","status":"publish","type":"post","link":"https:\/\/scienceandnerds.com\/2022\/08\/13\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/","title":{"rendered":"The Zoom installer let a researcher hack his way to root access on macOS"},"content":{"rendered":"<p>Source: <a href=\"https:\/\/www.theverge.com\/2022\/8\/12\/23303411\/zoom-defcon-root-access-privilege-escalation-hack-patrick-wardle\">https:\/\/www.theverge.com\/2022\/8\/12\/23303411\/zoom-defcon-root-access-privilege-escalation-hack-patrick-wardle<\/a><br \/>\n<code><br \/><\/br><\/code><\/p>\n<div readability=\"118.90480656506\">\n<p id=\"ojeZAz\">A security researcher has found a way that an attacker could leverage the macOS version of Zoom to gain access over the entire operating system.<\/p>\n<p id=\"itQD0a\">Details of the exploit were released in a presentation given by Mac security specialist Patrick Wardle at the Def Con hacking conference in Las Vegas on Friday. Some of the bugs involved have already been fixed by Zoom, but the researcher also presented one unpatched vulnerability that still affects systems now.<\/p>\n<p id=\"JZA844\">The exploit works by targeting the installer for the Zoom application, which needs to run with special user permissions in order to install or remove the main Zoom application from a computer. Though the installer requires a user to enter their password on first adding the application to the system, Wardle found that an auto-update function then continually ran in the background with superuser privileges.<\/p>\n<div class=\"c-float-right\">\n<aside id=\"LKSOeo\"><q>A privilege escalation attack<\/q><\/aside>\n<\/div>\n<p id=\"GYeZho\">When Zoom issued an update, the updater function would install the new package after checking that it had been cryptographically signed by Zoom. But a bug in how the checking method was implemented meant that giving the updater any file with the same name as Zoom\u2019s signing certificate would be enough to pass the test \u2014 so an attacker could substitute any kind of malware program and have it be run by the updater with elevated privilege.<\/p>\n<p id=\"jkTCEx\">The result is <a href=\"https:\/\/en.wikipedia.org\/wiki\/Privilege_escalation\">a privilege escalation attack<\/a>, which assumes an attacker has already gained initial access to the target system and then employs an exploit to gain a higher level of access. In this case, the attacker begins with a restricted user account but escalates into the most powerful user type \u2014 known as a \u201csuperuser\u201d or \u201croot\u201d \u2014 allowing them to add, remove, or modify any files on the machine.<\/p>\n<p id=\"mtO7V7\">Wardle is the founder of the Objective-See Foundation, a nonprofit that creates open-source security tools for macOS. Previously, at the Black Hat cybersecurity conference held in the same week as Def Con, Wardle <a href=\"https:\/\/www.theverge.com\/2022\/8\/11\/23301130\/patrick-wardle-mac-code-corporations-stealing-black-hat#comments\">detailed the unauthorized use of algorithms lifted from his open-source security software by for-profit companies<\/a>.<\/p>\n<div class=\"c-float-right\">\n<aside id=\"pF63n4\"><q>\u201cIt was really frustrating to wait &#8230; six, seven, eight months\u201d<\/q><\/aside>\n<\/div>\n<p id=\"AoyI9q\">Following responsible disclosure protocols, Wardle informed Zoom about the vulnerability in December of last year. To his frustration, he says an initial fix from Zoom contained another bug that meant the vulnerability was still exploitable in a slightly more roundabout way, so he disclosed this second bug to Zoom and waited eight months before publishing the research.<\/p>\n<p id=\"Ws6rL3\">\u201cTo me that was kind of problematic because not only did I report the bugs to Zoom, I also reported mistakes and how to fix the code,\u201d Wardle told <em>The Verge <\/em>in a call before the talk. \u201cSo it was really frustrating to wait, what, six, seven, eight months, knowing that all Mac versions of Zoom were sitting on users\u2019 computers vulnerable.\u201d<\/p>\n<p id=\"jxY6WA\">A few weeks before the Def Con event, Wardle says Zoom issued a patch that fixed the bugs that he had initially discovered. But on closer analysis, another small error meant the bug was still exploitable.<\/p>\n<p id=\"s7INeb\">In the new version of the update installer, a package to be installed is first moved to a directory owned by the \u201croot\u201d user. Generally this means that no user that does not have root permission is able to add, remove, or modify files in this directory. But because of a subtlety of Unix systems (of which macOS is one), when an existing file is moved from another location to the root directory, it retains the same read-write permissions it previously had. So, in this case, it can still be modified by a regular user. And because it can be modified, a malicious user can still swap the contents of that file with a file of their own choosing and use it to become root.<\/p>\n<p id=\"4bcjMo\">While this bug is currently live in Zoom, Wardle says it\u2019s very easy to fix and that he hopes that talking about it publicly will \u201cgrease the wheels\u201d to have the company take care of it sooner rather than later.<\/p>\n<p id=\"zeF4Ni\">In a statement to <em>The Verge<\/em>, Matt Nagel, Zoom\u2019s security and privacy PR lead, said: \u201cWe are aware of the newly reported vulnerability in the Zoom auto updater for macOS and are working diligently to address it.\u201d<\/p>\n<p id=\"z0Umor\"><em><strong>Update August 12th, 11:09 PM ET: <\/strong><\/em><em>Article updated with response from Zoom.<\/em><\/p>\n<\/div>\n<p><code><br \/><\/br><\/code><\/p>\n<p>Source: <a href=\"https:\/\/www.theverge.com\/2022\/8\/12\/23303411\/zoom-defcon-root-access-privilege-escalation-hack-patrick-wardle\">https:\/\/www.theverge.com\/2022\/8\/12\/23303411\/zoom-defcon-root-access-privilege-escalation-hack-patrick-wardle<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Source: A security researcher has found a way that an attacker could leverage the macOS version of Zoom to gain access over the entire operating system. Details of the exploit were released in a presentation given by Mac security specialist Patrick Wardle at the Def Con hacking conference in Las Vegas on Friday. Some of [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":12267,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","om_disable_all_campaigns":false,"pagelayer_contact_templates":[],"_pagelayer_content":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[14,8],"tags":[9],"class_list":["post-12266","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-apple","category-technology","tag-apple"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The Zoom installer let a researcher hack his way to root access on macOS - Science and Nerds<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/scienceandnerds.com\/2022\/08\/13\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Zoom installer let a researcher hack his way to root access on macOS - Science and Nerds\" \/>\n<meta property=\"og:description\" content=\"Source: A security researcher has found a way that an attacker could leverage the macOS version of Zoom to gain access over the entire operating system. Details of the exploit were released in a presentation given by Mac security specialist Patrick Wardle at the Def Con hacking conference in Las Vegas on Friday. Some of [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/scienceandnerds.com\/2022\/08\/13\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/\" \/>\n<meta property=\"og:site_name\" content=\"Science and Nerds\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-13T14:52:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-08-13T14:52:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/scienceandnerds.com\/wp-content\/uploads\/2022\/08\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos_62f7bac416b4f.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/scienceandnerds.com\/2022\/08\/13\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/\",\"url\":\"https:\/\/scienceandnerds.com\/2022\/08\/13\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/\",\"name\":\"The Zoom installer let a researcher hack his way to root access on macOS - Science and Nerds\",\"isPartOf\":{\"@id\":\"https:\/\/scienceandnerds.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/scienceandnerds.com\/2022\/08\/13\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/scienceandnerds.com\/2022\/08\/13\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/i0.wp.com\/scienceandnerds.com\/wp-content\/uploads\/2022\/08\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos_62f7bac416b4f.jpeg?fit=1200%2C628&ssl=1\",\"datePublished\":\"2022-08-13T14:52:51+00:00\",\"dateModified\":\"2022-08-13T14:52:52+00:00\",\"author\":{\"@id\":\"https:\/\/scienceandnerds.com\/#\/schema\/person\/ea2991abeb2b9ab04b32790dff28360e\"},\"breadcrumb\":{\"@id\":\"https:\/\/scienceandnerds.com\/2022\/08\/13\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/scienceandnerds.com\/2022\/08\/13\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/scienceandnerds.com\/2022\/08\/13\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/#primaryimage\",\"url\":\"https:\/\/i0.wp.com\/scienceandnerds.com\/wp-content\/uploads\/2022\/08\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos_62f7bac416b4f.jpeg?fit=1200%2C628&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/scienceandnerds.com\/wp-content\/uploads\/2022\/08\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos_62f7bac416b4f.jpeg?fit=1200%2C628&ssl=1\",\"width\":1200,\"height\":628},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/scienceandnerds.com\/2022\/08\/13\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/scienceandnerds.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Zoom installer let a researcher hack his way to root access on macOS\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/scienceandnerds.com\/#website\",\"url\":\"https:\/\/scienceandnerds.com\/\",\"name\":\"Science and Nerds\",\"description\":\"My WordPress Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/scienceandnerds.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/scienceandnerds.com\/#\/schema\/person\/ea2991abeb2b9ab04b32790dff28360e\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/scienceandnerds.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/7e6e14fc6691445ef2b2c0a3a6c43882?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/7e6e14fc6691445ef2b2c0a3a6c43882?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\/\/scienceandnerds.com\"],\"url\":\"https:\/\/scienceandnerds.com\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Zoom installer let a researcher hack his way to root access on macOS - Science and Nerds","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/scienceandnerds.com\/2022\/08\/13\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/","og_locale":"en_US","og_type":"article","og_title":"The Zoom installer let a researcher hack his way to root access on macOS - Science and Nerds","og_description":"Source: A security researcher has found a way that an attacker could leverage the macOS version of Zoom to gain access over the entire operating system. Details of the exploit were released in a presentation given by Mac security specialist Patrick Wardle at the Def Con hacking conference in Las Vegas on Friday. Some of [&hellip;]","og_url":"https:\/\/scienceandnerds.com\/2022\/08\/13\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/","og_site_name":"Science and Nerds","article_published_time":"2022-08-13T14:52:51+00:00","article_modified_time":"2022-08-13T14:52:52+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/scienceandnerds.com\/wp-content\/uploads\/2022\/08\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos_62f7bac416b4f.jpeg","type":"image\/jpeg"}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/scienceandnerds.com\/2022\/08\/13\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/","url":"https:\/\/scienceandnerds.com\/2022\/08\/13\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/","name":"The Zoom installer let a researcher hack his way to root access on macOS - Science and Nerds","isPartOf":{"@id":"https:\/\/scienceandnerds.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/scienceandnerds.com\/2022\/08\/13\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/#primaryimage"},"image":{"@id":"https:\/\/scienceandnerds.com\/2022\/08\/13\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/scienceandnerds.com\/wp-content\/uploads\/2022\/08\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos_62f7bac416b4f.jpeg?fit=1200%2C628&ssl=1","datePublished":"2022-08-13T14:52:51+00:00","dateModified":"2022-08-13T14:52:52+00:00","author":{"@id":"https:\/\/scienceandnerds.com\/#\/schema\/person\/ea2991abeb2b9ab04b32790dff28360e"},"breadcrumb":{"@id":"https:\/\/scienceandnerds.com\/2022\/08\/13\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/scienceandnerds.com\/2022\/08\/13\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/scienceandnerds.com\/2022\/08\/13\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/#primaryimage","url":"https:\/\/i0.wp.com\/scienceandnerds.com\/wp-content\/uploads\/2022\/08\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos_62f7bac416b4f.jpeg?fit=1200%2C628&ssl=1","contentUrl":"https:\/\/i0.wp.com\/scienceandnerds.com\/wp-content\/uploads\/2022\/08\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos_62f7bac416b4f.jpeg?fit=1200%2C628&ssl=1","width":1200,"height":628},{"@type":"BreadcrumbList","@id":"https:\/\/scienceandnerds.com\/2022\/08\/13\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/scienceandnerds.com\/"},{"@type":"ListItem","position":2,"name":"The Zoom installer let a researcher hack his way to root access on macOS"}]},{"@type":"WebSite","@id":"https:\/\/scienceandnerds.com\/#website","url":"https:\/\/scienceandnerds.com\/","name":"Science and Nerds","description":"My WordPress Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/scienceandnerds.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/scienceandnerds.com\/#\/schema\/person\/ea2991abeb2b9ab04b32790dff28360e","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/scienceandnerds.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/7e6e14fc6691445ef2b2c0a3a6c43882?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7e6e14fc6691445ef2b2c0a3a6c43882?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/scienceandnerds.com"],"url":"https:\/\/scienceandnerds.com\/author\/admin\/"}]}},"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"https:\/\/i0.wp.com\/scienceandnerds.com\/wp-content\/uploads\/2022\/08\/the-zoom-installer-let-a-researcher-hack-his-way-to-root-access-on-macos_62f7bac416b4f.jpeg?fit=1200%2C628&ssl=1","_links":{"self":[{"href":"https:\/\/scienceandnerds.com\/wp-json\/wp\/v2\/posts\/12266"}],"collection":[{"href":"https:\/\/scienceandnerds.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/scienceandnerds.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/scienceandnerds.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/scienceandnerds.com\/wp-json\/wp\/v2\/comments?post=12266"}],"version-history":[{"count":1,"href":"https:\/\/scienceandnerds.com\/wp-json\/wp\/v2\/posts\/12266\/revisions"}],"predecessor-version":[{"id":12268,"href":"https:\/\/scienceandnerds.com\/wp-json\/wp\/v2\/posts\/12266\/revisions\/12268"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/scienceandnerds.com\/wp-json\/wp\/v2\/media\/12267"}],"wp:attachment":[{"href":"https:\/\/scienceandnerds.com\/wp-json\/wp\/v2\/media?parent=12266"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/scienceandnerds.com\/wp-json\/wp\/v2\/categories?post=12266"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/scienceandnerds.com\/wp-json\/wp\/v2\/tags?post=12266"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}