Researcher: Leaks in Zoom Mac app give attacker access to mic and camera

Spread the love

Two vulnerabilities in Zoom’s macOS app allow an attacker to gain access to the camera and microphone. That writes a security researcher. Zoom has not yet commented on the new leak.

The first leak is in the Zoom app installer, writes researcher Patrick Wardle on Objective See. It uses an outdated api called ‘AuthorizationExecuteWithPrivileges’ and malicious software can use that to run itself with root.

It is then possible to piggyback on the user’s permission to use the camera and microphone for video calling in Zoom. The software allows other code to be executed in its own process, which then also has access to sound from the microphone and images from the camera. That access only applies when Zoom is running, but malicious software could start Zoom in the background and record audio and video at random times.

It is unknown if these vulnerabilities have been exploited. The researcher has had no contact with Zoom. Not only the Mac version of Zoom contains vulnerabilities, the Windows version also allows exploiting various vulnerabilities.

Zoom has not yet commented on the appearance of the leaks. As a result, it is unclear whether and when the company will close the leaks. Due to all the commotion surrounding the app, the New York State Attorney General has launched an exploratory investigation against the company’s privacy and security protocols.

You might also like
Exit mobile version