Before you log into Zoom to start your next video call, you should take a few minutes before you join to update your app. Zoom recently released a security patch for a major hole that could let a hacker take over your whole machine. The vulnerability, discovered by Patrick Wardle of the Objective-See Foundation, involves Zoom's automatic updater, which works as a root user and doesn't require a user password. When the updater runs, it checks to see if the software updates are signed by Zoom, but Wardle discovered that it was only checking if the file has the same name as the signing certificate.

https://www.macworld.com/article/832415/zoom-flaw-root-access-update-5-11-5.html

#macworld