Tus kws tshawb fawb txog kev ruaj ntseg tau tshawb pom ob qhov tsis zoo hauv video hu software hloov tshiab cuab yeej Zoom rau macOS uas tso cai rau hauv paus nkag. Tom qab lub tuam txhab patched qhov vulnerabilities, tus txiv neej nrhiav tau ib tug tshiab vulnerability.
Tus kws tshawb fawb txog kev ruaj ntseg Patrick Wardle tau qhia nws qhov kev tshawb pom ntawm DefCon hacking tshwm sim hauv Las Vegas. Nyob ntawd, nws tau piav qhia yuav ua li cas hla kev kos npe kos npe ntawm Zoom lub cuab yeej hloov kho tsis siv neeg rau macOS. Hauv thawj qhov tsis zoo, CVE-2022-28751, cov neeg siv tsuas yog yuav tsum tau hloov lub npe ntawm cov ntaub ntawv kom nws muaj cov txiaj ntsig zoo ib yam li daim ntawv pov thawj cov cuab yeej hloov tshiab tab tom nrhiav. "Koj tsuas yog yuav tsum muab lub npe software rau qee lub npe thiab koj tau dhau los ntawm kev tswj hwm cryptographic tsis muaj sijhawm," tus txiv neej hais rau Wired.
Wardle tau ceeb toom Zoom txog qhov muaj qhov tsis zoo thaum kawg ntawm 2021 thiab qhov kho uas lub tuam txhab tau tso tawm tom qab ntawd muaj qhov tsis zoo tshiab, raws li Wardle. Nws muaj peev xwm tau txais Zoom's updater.app rau macOS kom lees txais ib qho qub version ntawm video hu software, yog li nws tau pib faib cov ntawv ntawd es tsis yog cov ntawv tshiab tshaj plaws. Cov neeg phem tau muab lub sijhawm los siv qhov tsis zoo hauv Zoom software qub dhau los ntawm qhov tsis zoo CVE2022-22781. Tau, vim Zoom tam sim no tau kho ob qhov tsis zoo saum toj no los ntawm kev hloov tshiab.
Tab sis Wardle kuj pom muaj qhov tsis zoo nyob ntawd, CVE-2022-28756. Raws li tus txiv neej, tam sim no muaj peev xwm hloov pauv pob tom qab kev txheeb xyuas cov pob software los ntawm Zoom installer. Cov pob software khaws cia nws cov ntawv tso cai nyeem-sau hauv macOS thiab tseem tuaj yeem hloov kho ntawm kev kos duab cryptographic thiab kev teeb tsa. Zoom, lub sijhawm no, teb rau Wardle qhov kev tshwm sim tshiab. Lub tuam txhab hais tias nws tab tom ua haujlwm rau kev daws teeb meem.