At the well-known DEF CON security shindig in Las Vegas, Nevada, last week, Mac cybersecurity researcher Patrick Wardle revealed a “get-root” elevation of privilege (EoP) bug in Zoom for Mac:

> Mahalo to everybody who came to my talk "You're M̶u̶t̶e̶d̶ Rooted"
>
> Was stoked to talk about (& live-demo) a local priv-esc vulnerability in Zoom (for macOS).

In the tweet, which followed his talk, Wardle noted:

> Currently there is no patch
>
> Slides with full details & PoC exploit: #0day /9dW7DdUm7P

Zoom immediately worked on a patch for the flaw, which was announced the next day in Zoom security bulletin ZSB-22018, earning a congratulatory reply from Wardle in the process:

> Mahalos to for the (incredibly) quick fix!

Amusingly, if that is the right word, the patch to patch the incomplete patch was itself quickly found to be incomplete by researcher Csaba Fitzl, and the patch for the incomplete fix (5.11.5) was quickly superseded by a patch for the patch for the incomplete fix (5.11.6):

> Zoom’s patch was… incomplete, I managed to bypass it

Given the apparent speed and ease with which Zoom was able to emit a patch for the bug, dubbed CVE-2022-28756, you’re probably wondering why Wardle didn’t tell Zoom about the bug in advance, setting the day of his speech as the deadline for revealing the details. (We show you how to ensure you’re up to date in the What to do? section at the bottom of the article.)