Zoom auto-update feature on Apple macOS brings security risks and vulnerabilities, a cybersecurity researcher recently revealed.
ALBUQUERQUE, NEW MEXICO - AUGUST 17: Bottles of hand sanitizer sit next to a laptop showing a Zoom meeting as students begin classes amid the coronavirus (COVID-19) pandemic on the first day of the fall 2020 semester at the University of New Mexico on August 17, 2020 in Albuquerque, New Mexico.
Back in 2021, Zoom introduced an auto-update feature for its desktop apps for Windows PC and Apple Mac users, keeping them up-to-date with the latest offerings of the video conferencing service.
But it turns out that seemingly harmless auto-update functionality brings doom to Mac users.
Zoom Auto Update Feature Security Risks for Apple Mac Users
The COVID-19 pandemic, which forced mortals across the globe to take meetings virtually, triggered the surprising rise of Zoom.
And as such, millions of people have installed the Zoom app on their PCs and MacBooks to keep up with never-ending video meetings.
However, it appears that the Zoom desktop client, specifically its automatic update function, might not be as safe as it looks, at least for Mac users.
As per the latest report by Wired, a cybersecurity expert revealed that the auto-update feature of Zoom brought some security risks along with it on Apple Mac machines.
The longtime security researcher for Macs, Patrick Wardle, revealed during the DefCon security conference in Las Vegas that he discovered the function exposed Mac users to vulnerabilities.
Wardle says that the security risks from Zoom allowed cyber attackers to take full control of the Macs of its targets.
The Mac security researcher told Wired that he got curious about how Zoom is pushing its automatic updates to its desktop users.
He says that "it seemed on the first pass that they were doing things securely, they had the right ideas."
However, upon further scrutiny, he found some flaws in the code of the video meeting platform.
Wardle went on to add that "the quality of the code was more suspect, and it appeared that no one was auditing it deeply enough."
It is worth noting that Zoom has already fixed the previous security risks that come with its auto-update feature.
But despite that, the Mac security expert says that the video conferencing platform has yet to patch his newly discovered security vulnerability. He also noted that he has not yet informed Zoom about it.
Read Also: Zoom Major Upgrade: How to Enable Auto-Generated Captions for Free Users
How Zoom Auto Updates Work
According to the news story by PC Mag, Zoom introduced auto-updates to its desktop clients for macOS and Windows late last year.
In this photo illustration a Zoom App logo is displayed on a smartphone on March 30, 2020 in Arlington, Virginia.
To be more precise, the service rolled out the new feature last Nov. 29 to all of its desktop users.
Zoom says it should bring security fixes immediately, along with refinements in the overall experience.
Wardle reveals that Zoom uses a standard macOS helper tool to install fresh updates instantly. But he discovered that the signature check of the service accepted virtually anything, allowing attackers to fool the system.
Related Article: Here are 5 Things You Probably Didn't Know You Can Do on Zoom
