The worst part is that this prompt misleadingly looks like it’s generated by the system rather than by Zoom. It engages the notorious ‘AuthorizationExecuteWithPrivileges’ API and displays a dialog requesting the admin password in situations where the current user has no root permissions to make changes to the Applications folder on the machine. To top it off, Zoom additionally plays a sketchy trick to escalate its privileges on a Mac as part of the installation. However, this actually begins the installation of Zoom, which means that the compatibility popup isn’t all fair and square. The average user will think this is just one of the installation steps and will click “Continue”. The problem is, Zoom skips these technicalities and simply displays a request to allow the tool to determine whether it’s compatible with the Mac. As a rule, the usual setup workflow includes a number of screens allowing the user to adjust and confirm the intended action. When a new participant joins a virtual meeting, they get a prompt to download and install the app onto their machine – so far so good. One of the oddities is about the way Zoom executes the installation process on a Mac. Dubious setup with a flavor of privilege escalation
Researchers have recently unearthed several flaws in this application that can be exploited to infect Mac computers with malicious code and eavesdrop on users. Unfortunately, this doesn’t appear to be the case with Zoom. With organizations relying so heavily on this type of software these days, robust security and privacy implementation is more than welcome. The role of virtual meeting tools in this paradigm is to fill the communication void by providing a way for teams to solve day-to-day tasks outside the office.
The novel coronavirus pandemic is to blame for the global migration of workforce into the remote domain, which poses a slew of employee interaction challenges for businesses.
It doesn’t take a rocket scientist to grasp the whys and wherefores of the skyrocketing use of Zoom, a popular web conferencing and screen sharing solution.
0 kommentar(er)
