Stay calm: First of all, the security flaws require local access to your Mac, which means someone malicious has to physically use your computer to make it happen. So it’s of less concern than, say, a hack that can work remotely, over the internet. The details: The first bug involves how Zoom gets installed on Mac. A local attacker who even has low-level system privileges can add malicious code to the Zoom installer to grant themselves root access, which is the highest level possible on Mac. The attacker can then do basically whatever they want on your system, including running spyware or malware on it. The second vulnerability involves an ability to add malicious code to Zoom to give the attacker access to your webcam and microphone. They can then watch and record your video stream and hear what you’re saying in meetings. When will this be fixed: So far, Zoom hasn’t made any fixes to its app, but it’s likely they will. Don’t over worry: Yes, this is a big deal in the sense that we’re all using any and every tool out there to manage our pandemic stay-at-home business and personal lives, and we have to be aware of issues like this. Of course, don’t let anyone you don’t know use your Mac, but also make sure you know the potential risks when using Zoom or other software that may also have vulnerabilities that aren’t discovered because they’re less popular. Ultimately, whether you continue to use Zoom or not, be sure to update it when the new vulnerabilities (there are also some for Windows) are patched. Via: TechCrunch
