One Article Review
| Source |  CSO |
|---|---|
| Identifiant | 1633762 |
| Date de publication | 2020-04-02 03:48:00 (vue: 2020-04-02 11:00:40) |
| Titre | Weakness in Zoom for macOS allows local attackers to hijack camera and microphone |
| Texte | The Zoom video conferencing client for macOS does not take full advantage of the application hardening features the operating system offers, which could allow local malware to elevate its privileges or access the camera and microphone without the user's knowledge. The issues, which stem from insecure use of system APIs, were revealed Wednesday by security researcher Patrick Wardle on his blog. Wardle has a long history of macOS security research, which includes finding vulnerabilities, analyzing malware and writing security tools for Apple's platform.[ Keep up with 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they're for, what they cost, and which you need. | Sign up for CSO newsletters. ] Exploiting the two flaws requires attackers to already have local code execution access on the machine, but this does not mean they're not serious issues, since local code execution with limited user privileges can be achieved in a variety of ways. Furthermore, Wardle believes the problems could have been easily avoided by Zoom because the attack techniques have been documented by himself and other researchers in the past in blog posts and at security conferences. |
| Envoyé | Oui |
| Condensat | access achieved advantage allow allows already analyzing apis apple application article attack attackers avoided because been believes blog boost but camera can career certifications: click client code cold conferences conferencing cost could cso cyber documented does easily elevate execution exploiting features finding flaws from full furthermore give going hardening has have here hijack himself his history hot includes insecure issues its keep knowledge limited local long machine macos malware mean microphone need newsletters not offers operating other past patrick platform please posts privileges problems read requires research researcher researchers revealed security serious sign since stem system take techniques they tools top trends two use user variety video vulnerabilities wardle ways weakness wednesday what which who without writing your zoom |
| Tags | Malware |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.