Mac 版 Zoom 補上了可能被駭客用來控制電腦的漏洞

ALBUQUERQUE, NEW MEXICO - AUGUST 17:  Bottles of hand sanitizer sit next to a laptop showing a Zoom meeting as students begin classes amid the coronavirus (COVID-19) pandemic on the first day of the fall 2020 semester at the University of New Mexico on August 17, 2020 in Albuquerque, New Mexico. To help prevent the spread of COVID-19, the university has moved to a hybrid instruction model that includes a mixture of in-person and remote classes. According to the school, about 70 percent of classes are being taught online.  (Photo by Sam Wasson/Getty Images)
ALBUQUERQUE, NEW MEXICO - AUGUST 17: Bottles of hand sanitizer sit next to a laptop showing a Zoom meeting as students begin classes amid the coronavirus (COVID-19) pandemic on the first day of the fall 2020 semester at the University of New Mexico on August 17, 2020 in Albuquerque, New Mexico. To help prevent the spread of COVID-19, the university has moved to a hybrid instruction model that includes a mixture of in-person and remote classes. According to the school, about 70 percent of classes are being taught online. (Photo by Sam Wasson/Getty Images)

不久前 Objective-See Foundation 創始人、安全專家 Patrick Wardle 在 Def-Con 活動上分享了關於 Zoom 自動更新功能中所存在數個漏洞的研究結果,此前對於 Wardle 的發現 Zoom 官方已經採取了部分行動。而現在他們又更新了一版 Mac 軟體,將 Wardle 於 Def-Con 上最新發表的漏洞補上。在 Wardle 的測試中,Zoom 檢查簽署的功能無法識破駭客的偽裝(給有問題的檔案換個特定名字就能騙過驗證),這令其有機會命令自動更新下載器去下載含有漏洞的舊版軟體。駭客藉此便能獲得 root 權限,進而對電腦進行控制。

不管怎麼說,Zoom 修補漏洞的速度還是值得肯定的。只是其軟體被爆出漏洞的頻率實在不低,但願官方接下來能加強審核力度,將風險都扼殺在搖籃裡吧。