
Zoom’s auto update feature could exploit vulnerability in Mac OS

The vulnerability in Apple’s MacBook OS could have been exploited by attackers using the auto-update feature of the Zoom video-calling app


The alert has been issued for vulnerabilities in Apple’s operating systems, including iPad OS and iOS, that can be exploited by remote attackers to execute arbitrary code on targeted systems.


The threat alert from CERT-In noted that the vulnerability exists due to an out-of-bounds write in the kernel and WebKit components of the software. The alert also noted that remote attackers have used the vulnerability by enticing victims to open specially crafted files.

Zoom, a video-calling app, acknowledged in its security bulletin that the vulnerabilities in Apple’s software and in its own auto-update process could be exploited by attackers to escalate their privileges to root files in Mac OS, thereby compromising the security of the affected systems.

In Apple’s kernel, according to information on the company’s website, the vulnerability can allow an application to execute arbitrary code with kernel privileges. In WebKit, the vulnerability was found to be triggered by processing maliciously crafted web content, which could lead to arbitrary code execution.

In iOS and iPad OS, the vulnerabilities were found to affect versions 15.6.1. “Apple is aware of a report that this issue may have been actively exploited,” the company stated on its website.

Both Apple and Zoom have advised users to update to their latest security patches to fix the vulnerability. 

CERT-In, earlier this month, had also released alerts for high severity vulnerabilities in Mac OS, iPad OS, and iOS that could have been exploited by attackers to execute arbitrary code and bypass security restrictions on affected devices. 



Printable version | Aug 18, 2022 6:12:36 pm | https://www.thehindu.com/sci-tech/technology/zooms-auto-update-feature-could-exploit-vulnerability-in-mac-os/article65783570.ece