

In March 2020, as the whole world was just getting to grips with working remotely, a vulnerability was discovered in the installer of Zoom - one of the world’s prime remote communication tools - allowing arbitrary code execution on Apple computers. Fast-forward to August 2022, and a similar hole has been found (in terms of both location and exploitation consequences). This post examines this latest security issue, and seeks to explain why holes in software sometimes crop up repeatedly in the same place. It ends with advice regarding what to do about it.

The new problem in the Zoom videoconferencing client was highlighted by renowned researcher Patrick Wardle at DEF CON 30 in early August of this year. Long story short, a few bugs were found in the automatic update system for the Apple Zoom client. These bugs, in theory, made it possible to obtain so-called super-user rights, which allowed a would-be attacker to do whatever they wanted on the host computer. To exploit the vulnerability, however, the attacker needed to have already had physical access to the computer, albeit without special rights. But this is not an entirely unrealistic scenario: for example, the user might go for lunch and forget to lock their computer. Theoretically, the vulnerability could also be exploited by malware, which otherwise would not cause serious damage to the user.

Timely delivery and easy installation of updates are important requirements for any modern piece of software. Ideally, bug fixes should be installed without the user even noticing, but this isn’t always possible. To complete an update, you often have to restart a program, re-login, or even reboot. We all get annoyed by pop-up messages reminding us to update a program, operating system, smartphone or tablet firmware. But it’s vital to do so: updates close security holes that could otherwise be used against you.
