Older versions of Zoom could allow hackers to take over your macOS through a privilege escalation vulnerability. but the Zoom latest update (5.11.5) corrects this bug. If you are using Zoom on your Mac, you should update the software now.
This update comes just one week after Zoom revealed a privilege escalation vulnerability In the security bulletin. The vulnerability (CVE-2022-28756) received widespread coverage after it was revealed by Patrick Wardle, founder of the Objective-See Foundation, at the Def Con hacking conference on August 12.
The vulnerability extends from a bug in Zoom’s automatic update system. Usually, Zoom checks update packages for an encrypted signature. This validates the update and is published by Zoom. But if you give a file with the same name as Zoom’s encrypted signature, the program will run that file without any questions asked.
In the worst case scenario, hackers can use this flaw to put RATs (remote access trojans) on your Mac. But this vulnerability could open the door to any malware, including ransomware. It’s no surprise that Zoom has pushed such a quick fix.
I suggest opening Zoom on your Mac (even if you don’t use it often) to play a file Automatic update. If you want to make sure that Zoom is actually installing the 5.11.5 update, continue with Manual update process.