At the well-known DEF CON security shindig in Las Vegas, Nevada, last week, Mac cybersecurity researcher Patrick Wardle revealed a “get-root” elevation of privilege (EoP) bug in Zoom for Mac:
Mahalo to everyone who came to my @defcon talk “You are M̶u̶t̶e̶d̶ Rooted”
Was stoked to speak about (& live-demo) a local priv-esc vulnerability in Zoom (for macOS).
At the moment there isn’t a patch
Slides with full particulars & PoC exploit: https://t.co/viee0Yd5o2 #0day pic.twitter.com/9dW7DdUm7P
— patrick wardle (@patrickwardle) August 12, 2022
In the tweet, which followed his talk [2022-08-12], Wardle noted:
At the moment there isn’t a patch [:FRIED-EGG EYES DEPICTING ALARM EMOJI:] [:EDVARD MUNCH SCREAM EMOJI:]
Zoom immediately worked on a patch for the flaw, which was announced the next day in Zoom security bulletin ZSB-22018, earning a congratulatory reply from Wardle in the process:
Mahalos to @Zoom for the (extremely) fast repair! [:BOTH HANDS RAISED IN CELEBRATION AND WIGGLED ABOUT EMOJI:] [:PALMS PRESSED TOGETHER IN SIGN OF SPIRITUAL GOODWILL EMOJI:]