As much of the country shifts to remote work in light of the COVID-19 pandemic, the videoconferencing software Zoom has experienced a boost in popularity. But the spotlight on Zoom has also illuminated some vulnerabilities in its security practices.
Just after two security researchers found a bug that could be abused to steal Windows passwords, another security researcher discovered two new bugs that can be used to take control of a Zoom user’s Mac. Patrick Wardle, a former NSA hacker and now principal security researcher at Jamf, exposed the bugs in a blog post Wednesday.
According to Wardle, both bugs can be exploited by a local attacker. Once exploited, they give the attacker control over the vulnerable computer: the first bug can be used to install malware and spyware, and the second can give the attacker control of the victim’s webcam and microphone.