Wednesday, September 28, 2022

ਵਾਹਿਗੁਰੂ

spot_img



Zoom installer flaw can give attackers root access to Mac: Report

San Francisco, Aug 13, 2022- A security researcher has found a way that an attacker could leverage the macOS version of Zoom to gain access over the entire operating system.

According to The Verge, details of the exploit were released in a presentation by Mac security specialist Patrick Wardle at the Def Con hacking conference in Las Vegas this week.

Zoom has already fixed some of the bugs involved, but the researcher also presented one unpatched vulnerability that still affects systems now.

The exploit works by targeting the installer for the Zoom application, which needs to run with special user permissions to install or remove the main Zoom application from a computer.

Though the installer requires a user to enter their password on first adding the application to the system, Wardle found that an auto-update function then continually ran in the background with superuser privileges.

When Zoom issued an update, the updater function would install the new package after checking that it had been cryptographically signed by Zoom.

But a bug in how the checking method was implemented meant that giving the updater any file with the same name as Zoom’s signing certificate would be enough to pass the test — so an attacker could substitute any malware program and have it be run by the updater with elevated privilege, the report said.

The result is a privilege escalation attack, which assumes an attacker has already gained initial access to the target system and then employs an exploit to gain a higher level of access.

In this case, the attacker begins with a restricted user account but escalates into the most powerful user type — known as a “superuser” or “root” — allowing them to add, remove, or modify any files on the machine.  (Agency)

CLICK HERE to like YesPunjab.com Facebook Page for regular updates

- Advertisement -

Yes Punjab - TOP STORIES

Punjab News

Sikh News

Transfers, Postings, Promotions

- Advertisement -spot_img

Stay Connected

38,505FansLike
114,038FollowersFollow

ENTERTAINMENT

National

GLOBAL

OPINION

Popular Front of India – India’s internal insurgency – by Arshia Malik

The National Investigation Agency (NIA) -- which was probing over 100 (Popular Front of India (PFI) members in connection with various cases -- arrested...

India’s rise as a global counsel at Samarkand summit – by DC Pathak

The post-Cold War world - no more divided in rival camps created by two competing superpowers confronting each other for military and ideological reasons...

By changing Vyapam’s name twice, MP govt can’t whitewash its stains – by Sundeep Pouranik

Bhopal, Sep 24, 2022 - Seems that ghosts of the Vyampam scam will continue to haunt the Chief Minister Shivraj Singh Chouhan-led Madhya Pradesh...

SPORTS

Health & Fitness

Herbal drug BGR-34 beats obesity, diabetes: AIIMS study

New Delhi, Sep 23, 2022 - A team of doctors from premier health research institute All India Institute of Medical Sciences (AIIMS) here has found that anti-diabetic ayurvedic drug BGR-34 is effective in cutting down obesity along with improving metabolism mechanisms of the patient afflicted with the chronic disease. Led by Sudhir Chandra Sarangi, Additional Professor, Department of Pharmacology AIIMS,...

Gadgets & Tech

error: Content is protected !!