Certain versions of Zoom for macOS contained a vulnerability, first revealed by security researcher Patrick Wardle, that could give hackers root privileges.

Zoom has issued a patch for a serious security flaw in its macOS app that could allow a hacker to take control of a user’s operating system.

In a security bulletin update on Saturday (13 August), Zoom said versions 5.7.3 to 5.11.3 of its macOS app contain a vulnerability in the auto-update process that can be exploited by a local low-privileged user to “escalate their privileges to root”.

The flaw was revealed by Mac security researcher Patrick Wardle at Def Con, one of the world’s largest hacking conferences, held in Las Vegas last week.

Zoom released the patch soon after Wardle explained to the conference audience how easy it was to access a user’s system using the vulnerability, gaining the ability to modify, delete and add files on the device.

> Mahalo to everybody who came to my talk "You're M̶u̶t̶e̶d̶ Rooted" Was stoked to talk about (& live-demo) a local priv-esc vulnerability in Zoom (for macOS). Slides with full details & PoC exploit: #0day /9dW7DdUm7P