YAZV - Yet Another Zoom Vulnerability

Thanks @ChrisUpchurch for sending this, yet another Zoom security vulnerability, my way.

TLDR; bad actors can gain root access on your Mac using the Zoom auto update software. Uninstall what you have, and install the latest version.

2 Likes

Just reiterating this point: the issue can’t be fixed with Zoom’s built-in update capability. (My first question was “Do I really need to manually uninstall?”, and the answer is bedgrudgingly “yes”).

(I am currently on my fourth attempt at uninstalling and reinstalling Office this week, so I am not in the mood to do more janitorial work because of mistakes by big tech software engineers, but alas.)

1 Like

I might have missed it, but where in the article could I find the information, that I have to uninstall Zoom?
I just found the information to start the update manually, and don‘t have to wait for the automatic update, to jump in sometime in the future!?

Fair point. Manual uninstall is probably unnecessary. But it is cathartic, y’know?

I never reinstalled zoom after the last snafu. I just use it in the browser – a minor inconvenience in my case, since my work uses a different conferencing system.

2 Likes

It is interesting, I just checked my Zoom-App, and while I got regular messages about automatic updates, it was stuck on version 5.10.4 which already was from April.
This teaches me once more, to not rely on the automatic updates, but check it, at least time by time… :angry:

1 Like

I figured since part of the old version ran as root, it was best to get rid of it all and reinstall.
I suppose I misread the article. Nonetheless, it’s not that big of a deal.

if Zoom was actually a secure app, it would take over the world…
I guess this is their version of “but we’ll put you next to England” as the old joke has it…