Patrick Wardle, a security researcher with Jamf, has uncovered two zero-day flaws in the Zoom macOS client version. The telecom and online class platform vulnerabilities have the potential to give local attackers root privileges, which subsequently allow the attackers to access the victims’ microphone and camera. The two flaws have emerged as the platform is under an increased level of scrutiny over security measures as a global movement towards working from home occurs. Zoom has experienced, naturally, a massive influx in users since US colleges and businesses went virtual.
This week, Wardle and his team stated that the two zero-days should be unsurprising considering Zoom’s history with cybersecurity, however, users should be wary of the application and its security practices. The zero-days require physical access to a victim’s computer, or a post malware infection attack that establishes a preexisting foothold on the system. The flaws stem from the Zoom installer’s use of AuthorizationExecuteWithPrivleges application programming interface (API).
Read More: Two Zoom Zero-Day Flaws Uncovered