Zoom App Could Let Attackers Access Windows Passwords, Take Over Your Mac: Reports

One of the security issues within the Zoom app could allow attackers to gain root access of a Mac machine.

Advertisement
By Jagmeet Singh | Updated: 2 April 2020 11:29 IST
Highlights
  • Zoom seems to have UNC injection flaw on Windows
  • Security researchers have also found issues with its macOS version
  • Zoom, however, is yet to patch the flaws
Zoom App Could Let Attackers Access Windows Passwords, Take Over Your Mac: Reports

Zoom has gained huge popularity due to raise in work from home culture

Zoom meetings are happening all across the globe as a large number of people are currently working from home due to the coronavirus outbreak. The remote culture has indeed resulted in popularity for the video conferencing platform that was earlier trying to compete against Google's Hangouts Meet and Microsoft's Skype. However, its overnight popularity has also brought it into the limelight for security researchers who've started finding its alleged underlying vulnerabilities. Two such researchers claim to have found a security loophole that can give attackers access to Windows passwords. Another security researcher has noticed two flaws that can be used to silently gain access to a user's Mac and tap into its webcam and microphone.

The first serious flaw claimed to have been discovered in the Zoom app by a security researcher who goes by pseudonym g0dmode is about UNC paths. The Windows client is found to convert networking UNC paths into a clickable link in the chat message. This can be utilised by any attackers to capture Windows passwords, as noticed by security researcher Matthew Hickey, who operates Twitter account @HackerFantastic.

In addition to the UNC injection flaw, the Zoom app is said to have two distinct security loopholes that could allow attackers to gain root access and take over a user's Mac system.

Former NSA hacker and principal security researcher at Jamf Patrick Wardle has spotted the bugs that exist within the macOS version of the Zoom app. Both bugs are said to be initiated by a local attacker, someone who has physical control of the system, as noted by TechCrunch.

The attacker can gain access to the computer once exploited and install malware or spyware, without letting users know about the backdoor entry. The issue that allows unwanted access is due to the installer that can easily be injected with malicious code and used to obtain root-level user privileges.

Security researcher Felix Seele also highlighted the allegedly vulnerable macOS installer of the Zoom app in a tweet posted on Wednesday. “Turns out they (ab)use preinstallation scripts, manually unpack the app using a bundled 7zip and install it to /Applications if the current user is in the admin group (no root needed),” he tweeted.

Advertisement

Aside from the unsafe installer, Wardle claims to have been able to find another security bug in the macOS variant of the Zoom app that can allow an attacker to inject malicious code to access the webcam and microphone of the system. The researcher was able to trick the client using his proof-of-concept.

“No additional prompts will be displayed, and the injected code was able to arbitrarily record audio and video,” Wardle wrote in a blog post while elaborating the security flaw.

Advertisement

Zoom hasn't yet fixed any of the reported flaws. However, Gadgets 360 has reached out to the company to understand its take on the fresh vulnerabilities that could impact several users worldwide -- given the growing adoption of the app due to the coronavirus outbreak.

It is important to note that apart from the four new security issues that have been discovered by the security researchers, Zoom was recently in the news for its misleading end-to-end encryption claim. The app was also found to have a flaw that exposes emails and photos of users. Furthermore, it is also under scrutiny in the US after users complained about being startled by porn during virtual meetings.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Zoom app, Zoom meetings, Zoom, macOS, Windows
Advertisement

Related Stories

Popular Mobile Brands
  1. Vivo X200 FE Launched in India With 6,500mAh Battery, Compact Design
  2. Realme 15 Pro 5G Display, Battery Details Confirmed Ahead of India Launch
  3. iQOO Z10R India Launch Teased; May Get MediaTek Dimensity 7400 SoC
  4. Samsung Galaxy S25 FE Key Specifications Leaked: All Details
  5. Amazon Prime Day Sale: Do Not Miss Out on These Last Minute Deals
  6. OpenAI's Open-Source Reasoning AI Model Delayed Again Due to This Reason
  7. Amazon Prime Day Sale 2025 Highlights: Top Last-Minute Deals on Day 3
  1. OpenAI Says Its Open-Source Reasoning AI Model Is Delayed Indefinitely
  2. iPhone 17 Series Colour Options Spotted via Leaked Lens Protection Covers
  3. Samsung Galaxy F36 5G Confirmed to Launch Soon in India: All Details
  4. Samsung Galaxy S26+ or Galaxy S26 Edge May Launch With 50-Megapixel Ultrawide Camera
  5. Qualcomm Working On New Snapdragon SW6100 SoC for Wearables: Report
  6. Google Said to Be Adding a Search Bar to Gemini’s Android App
  7. Shubhanshu Shukla Bids Farewell from ISS, Honours India’s Space Legacy
  8. Realme 15 Pro 5G Display, Battery, Charging Features Revealed Ahead of July 24 India Launch
  9. Apple Smart Home Hub Launch Delayed to 2026: Mark Gurman
  10. Google Working On New AI Feature for Gboard to Improve Voice Typing Feature: Report
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.