Umcwaningi wezokuphepha uthole ubungozi obubili ethuluzini lokuvuselela isofthiwe yokushaya ucingo ngevidiyo Zoom ye-macOS evumele ukufinyelela kwezimpande. Ngemuva kokuthi inkampani ikhiphe ubungozi, le ndoda yathola ubungozi obusha.
Umcwaningi wezokuphepha uPatrick Wardle wabelane ngalokho akutholile emcimbini wokugebenga i-DefCon e-Las Vegas. Lapho, wachaza ukuthi ungadlula kanjani isheke lokusayina lethuluzi lokuvuselela elizenzakalelayo le-Zoom le-macOS. Ebucayini bokuqala, i-CVE-2022-28751, abasebenzisi bekufanele baguqule igama lefayela kuphela ukuze liqukathe amanani afanayo nesitifiketi ithuluzi lokubuyekeza elisifunayo. "Kufanele unikeze isofthiwe igama elithile futhi usudlulile ekulawuleni i-cryptographic ngokushesha," le ndoda itshele uWired.
U-Wardle wazise u-Zoom ngobungozi ekupheleni kuka-2021 futhi ukulungiswa okwakhululwa yinkampani kwakuqukethe ubungozi obusha, ngokusho kuka-Wardle. Ukwazile ukuthola i-updater.app ye-Zoom ye-macOS ukuthi yamukele inguqulo endala yesofthiwe yokushaya ividiyo, ngakho yaqala ukusabalalisa leyo nguqulo esikhundleni senguqulo yakamuva. Amaqembu anonya avele anikezwa ithuba lokusebenzisa ubungozi ku-software ye-Zoom endala ngobungozi be-CVE2022-22781. Ngiyezwa, ngoba i-Zoom manje isilungise ubungozi obubili ngenhla ngesibuyekezo.
Kepha i-Wardle iphinde yathola ubungozi lapho, i-CVE-2022-28756. Ngokusho kwale ndoda, okwamanje kungenzeka ukwenza izinguquko ephaketheni ngemuva kokuqinisekiswa kwephakheji lesoftware yisifaki se-Zoom. Iphakheji lesofthiwe igcina izimvume zayo zokufunda-ukubhala ku-macOS futhi isengalungiswa phakathi kokuhlolwa kwe-cryptographic nokufakwa. U-Zoom, ngakolunye uhlangothi, uphendule ekwambulweni okusha kuka-Wardle. Inkampani ithi isebenzela ukuthola isisombululo.