Skip to main content

[Update: Zoom patches and responds] Ex-NSA hacker finds new Zoom flaws to takeover Macs again, including webcam, mic, and root access

Zoom, the popular video call service has had a number of privacy and security issues over the years and we’ve seen several very recently as Zoom has seen usage skyrocket during the coronavirus pandemic. Now two new bugs have been discovered that allow hackers to take control of Macs including the webcam, microphone, and even full root access.


Update 4/2: Zoom has issued an apology for its privacy and security gaffes, patched these two most recent Mac bugs, and laid out a plan for the next 90 days to improve the service.

But if you’re still wanting to switch to another option, check out our roundup of 10 Zoom alternatives here.


Reported by TechCrunch, the new flaws were discovered by Ex-NSA hacker Patrick Wardle, now principal security researcher at Jamf, who detailed his findings on his blog Objective-See.

Wardle goes through a history of Zoom’s privacy and security issues like the webcam hijacking we saw last summer, the calls not actually being end-to-end encrypted as the company claims, the iOS app sending user data to Facebook, and more.

That brings us to today. Wardle’s new bug discoveries mean Macs are vulnerable to webcam and mic takeover again, in addition to taking gaining root access to a Mac. It does have to be a local attack but the bug makes it relatively easy for an attacker to gain total control in macOS through Zoom.

As such, today when Felix Seele also noted that the Zoom installer may invoke the AuthorizationExecuteWithPrivileges API to perform various privileged installation tasks, I decided to take a closer look. Almost immediately I uncovered several issues, including a vulnerability that leads to a trivial and reliable local privilege escalation (to root!).

Wardle describes the entire process in technical detail if you’re interested but the flaw comes down to this:

To exploit Zoom, a local non-privileged attacker can simply replace or subvert the runwithroot script during an install (or upgrade?) to gain root access.

Then, a second flaw Wardle discovered allows access for hackers to access a Mac’s camera and mic and even record the screen, all without a user prompt.

Unfortunately, Zoom has (for reasons unbeknown to me), a specific “exclusion” that allows malicious code to be injected into its process space, where said code can piggy-back off Zoom’s (mic and camera) access! This give malicious code a way to either record Zoom meetings, or worse, access the mic and camera at arbitrary times (without the user access prompt)!

Zoom didn’t respond to TechCrunch after a request for comment. With the millions of people using Zoom with the current global health crisis, hopefully, we see a fix real fast!

FTC: We use income earning auto affiliate links. More.

Dock Wave USB C Qi charger
You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Michael Potuck Michael Potuck

Michael is an editor for 9to5Mac. Since joining in 2016 he has written more than 3,000 articles including breaking news, reviews, and detailed comparisons and tutorials.