A security researcher found two vulnerabilities in the update tool of the video calling software Zoom for macOS that allowed root access. After the company patched the vulnerabilities, the researcher discovered a new one.
Security researcher Patrick Wardle shared his findings at the DefCon hacking conference in Las Vegas. There, he described how to bypass the signature check of Zoom's automatic update tool on macOS. For the first vulnerability, CVE-2022-28751, users only had to change the file name of the file so that it contained the same values as the certificate the update tool was looking for. "You just have to give the software a certain name and you're past the cryptographic check right away," he told Wired.
Wardle had notified Zoom of the vulnerability at the end of 2021, and the fix the company subsequently released contained a new vulnerability, according to Wardle. He was able to get Zoom's updater.app for macOS to accept an older version of the video calling software, so that it started distributing that version instead of the latest one. Malicious parties were suddenly given the opportunity to exploit vulnerabilities in older Zoom software through vulnerability CVE-2022-22781. That was the case, at least, because Zoom has now fixed the two vulnerabilities above with an update.
But Wardle then found another vulnerability there, CVE-2022-28756. According to him, it is currently possible to make changes to the software package after the Zoom installer has verified it. The software package retains its read-write permissions on macOS and can be modified between the cryptographic check and the installation. Zoom has meanwhile responded to Wardle's new disclosures. The company says it is working on a solution.
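The gap between check and installation described above closes when the installer first copies the package into a directory only it can write, verifies that copy, and installs from it. This is an added example, not Zoom's code: it uses a SHA-256 digest as a stand-in for the signature check, and `stage_and_verify`, `private_root` and `update.pkg` are hypothetical names.

```python
import hashlib
import os
import shutil
import tempfile


class VerificationError(Exception):
    """Raised when the staged copy does not match the expected digest."""


def stage_and_verify(src_path, expected_sha256, private_root):
    """Copy the package into an installer-only directory, then verify the copy.

    Returns the path of the verified copy. The caller installs from that
    path, never from src_path, so later writes to src_path change nothing.
    private_root is assumed to be writable only by the installer's user.
    """
    staging = tempfile.mkdtemp(dir=private_root)  # mkdtemp creates mode 0700
    staged = os.path.join(staging, "update.pkg")
    try:
        # O_NOFOLLOW: refuse a symlink swapped in for the downloaded package.
        src_fd = os.open(src_path, os.O_RDONLY | os.O_NOFOLLOW)
        with os.fdopen(src_fd, "rb") as src:
            # O_EXCL + mode 0400: a fresh file that cannot be reopened for writing.
            dst_fd = os.open(staged, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)
            with os.fdopen(dst_fd, "wb") as dst:
                shutil.copyfileobj(src, dst)
        # Hash the private copy itself: these are the bytes that get installed.
        digest = hashlib.sha256()
        with open(staged, "rb") as f:
            while chunk := f.read(65536):
                digest.update(chunk)
        if digest.hexdigest() != expected_sha256:
            raise VerificationError("package digest mismatch")
    except Exception:
        shutil.rmtree(staging, ignore_errors=True)  # leave nothing half-staged
        raise
    return staged
```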