wp-plugin-hostgator domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home4/scienrds/scienceandnerds/wp-includes/functions.php on line 6114ol-scrapes domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home4/scienrds/scienceandnerds/wp-includes/functions.php on line 6114Source: https:\/\/www.theverge.com\/2022\/8\/14\/23305548\/zoom-update-macos-fix-dangerous-security-flaw-hackers<\/a> Zoom has issued a patch for a bug on macOS that could allow a hacker to take control of a user\u2019s operating system (via MacRumors<\/em><\/a>). In an update on its security bulletin<\/a>, Zoom acknowledges the issue (CVE-2022-28756) and says a fix is included in version 5.11.5 of the app on Mac, which you can (and should) download now.<\/p>\n Patrick Wardle, a security researcher and founder of the Objective-See Foundation, a nonprofit that creates open-source macOS security tools, first uncovered the flaw and presented it at the Def Con hacking conference last week. My colleague, Corin Faife, attended the event and reported on Wardle\u2019s findings<\/a>. <\/p>\n As Corin explains, the exploit targets the Zoom installer, which requires special user permissions to run. By leveraging this tool, Wardle found that hackers could essentially \u201ctrick\u201d Zoom into installing a malicious program by putting Zoom\u2019s cryptographic signature on the package. From here, attackers can then gain further access to a user\u2019s system, letting them modify, delete, or add files on the device.<\/p>\n Reversing the patch, we see the Zoom installer now invokes lchown to update the permissions of the update .pkg, thus preventing malicious subversions pic.twitter.com\/00xjqKQsXs<\/a><\/p>\n \u2014 patrick wardle (@patrickwardle) August 14, 2022<\/a>\n<\/p><\/blockquote>\n<\/div>\n<\/div>\n \u201cMahalos to Zoom for the (incredibly) quick fix!\u201d Wardle said in response<\/a> to Zoom\u2019s update. \u201cReversing the patch, we see the Zoom installer now invokes lchown to update the permissions of the update .pkg, thus preventing malicious subversion.\u201d<\/p>\n
\n
<\/br><\/code><\/p>\n\n