Researcher Gains Root Access on macOS Using Zoom

13 August, 2022

Mac security specialist Patrick Wardle has managed to gain root access to macOS using Zoom.

The researcher presented details of the exploit at the Def Con hacking conference in Las Vegas. He explained that the attack works through Zoom's app installer, which requires special user rights. The automatic update function, meanwhile, ran constantly in the background with superuser privileges.

The update function installed a new package after a cryptographic validation check, but any file with the same name as Zoom's signing certificate was sufficient to pass that check. An attacker could therefore have disguised any malware as an update and had the updater run it with elevated privileges.

After gaining initial access to the system, the attacker could then use the exploit to escalate to a higher level of access, i.e., "superuser" or "root", allowing them to add, delete or modify any files on the machine.

It is worth noting that a few weeks before the Def Con event, Zoom released an update that fixed the bugs. However, the company did not account for the subtleties of Unix systems, the family to which macOS belongs. During an update, the new package is moved to a directory owned by the user "root", which is meant to ensure that nobody without root rights can do anything with it. On Unix systems, however, when an existing file is moved from another location into that root-owned directory, it retains the same read and write permissions it had before. It can therefore still be modified by a normal user, which gives an intruder the opportunity to alter the contents of the file and use it to gain root status.
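The permission behaviour described above, as an added example (not code from Wardle or Zoom): it stages a file into a protected directory once by moving it and once by copying it into a newly created file, then checks whether the result could still be modified by another user. The function names and file names are hypothetical, the current user stands in for root so the script runs unprivileged, and mode `0o666` models a file that came from a user-writable location.

```python
import os
import shutil
import stat
import tempfile


def stage_by_move(src, protected_dir):
    """Rename into the protected directory: owner and mode travel with the file."""
    dst = os.path.join(protected_dir, os.path.basename(src))
    os.rename(src, dst)
    return dst


def stage_by_copy(src, protected_dir):
    """Copy the bytes into a new file that the privileged process creates itself."""
    dst = os.path.join(protected_dir, os.path.basename(src))
    # O_EXCL refuses a pre-planted file or symlink at the destination.
    fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    os.fchmod(fd, 0o600)  # exact mode regardless of umask
    with os.fdopen(fd, "wb") as out, open(src, "rb") as inp:
        shutil.copyfileobj(inp, out)
    return dst


def is_tamper_resistant(path, trusted_uid):
    """True only for a regular file owned by trusted_uid with no group/other write bit."""
    st = os.lstat(path)
    return (stat.S_ISREG(st.st_mode)
            and st.st_uid == trusted_uid
            and not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def demo():
    me = os.geteuid()  # assumption: stands in for root (uid 0) in this unprivileged run
    results = {}
    with tempfile.TemporaryDirectory() as work:
        protected = os.path.join(work, "protected")
        os.mkdir(protected, 0o755)
        for name, stage in (("move", stage_by_move), ("copy", stage_by_copy)):
            src = os.path.join(work, f"update-{name}.pkg")  # constructed sample file
            with open(src, "wb") as f:
                f.write(b"constructed sample package")
            os.chmod(src, 0o666)  # writable by any user, like a file in a user location
            dst = stage(src, protected)
            results[name] = (stat.S_IMODE(os.lstat(dst).st_mode), is_tamper_resistant(dst, me))
    return results


if __name__ == "__main__":
    print(demo())
```

A privileged updater would run a check like `is_tamper_resistant` with `trusted_uid=0` and validate the signature on its own private copy, not on the file in the user-controlled location.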

Zoom is now working on a fix for this bug.
