Zoom installer does a stupid
theverge.com/2022/8/12/2330341

> When Zoom issued an update, the updater function would install the new package after checking that it had been cryptographically signed by Zoom

> But a bug in how the checking method was implemented meant that giving the updater any file with the same name as Zoom’s signing certificate would be enough to pass the test — so an attacker could substitute any kind of malware program and have it be run by the updater with elevated privilege

🤦‍♀️

Sign in to participate in the conversation
Mastodon for Tech Folks

mastodon.technology is shutting down by the end of 2022. Please migrate your data immediately. This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!