Zoom installer does a stupid
theverge.com/2022/8/12/2330341

> When Zoom issued an update, the updater function would install the new package after checking that it had been cryptographically signed by Zoom

> But a bug in how the checking method was implemented meant that giving the updater any file with the same name as Zoom’s signing certificate would be enough to pass the test — so an attacker could substitute any kind of malware program and have it be run by the updater with elevated privilege

🤦‍♀️

Follow

@rysiek I’ve been dreaming of deleting zoom for ages now.

· · Tootle for Mastodon · 0 · 0 · 1
Sign in to participate in the conversation
ordinal.garden

a server for members of ordinal.garden