A security researcher has disclosed vulnerabilities in Zoom, which is experiencing a record number of users amid the COVID-19 pandemic.
The researcher, a former NSA hacker named Patrick Wardle, found two bugs that hackers can use to take over a Zoom user’s Mac and to control its webcam and microphone.
Once the hacker gains control of the user’s computer, they can install malware or spyware on it. The two bugs exploit different aspects of how Zoom operates. For instance, because Zoom installs its Mac app without user interaction, hackers can inject malicious code into the Zoom installer.
Further, the bugs take advantage of the way Zoom handles the webcam and microphone on Macs. Wardle notes that a hacker can inject malicious software into Zoom and trick it into believing that the attacker has the same permissions as Zoom.
Because Wardle has only recently gone public with these vulnerabilities, Zoom has yet to comment on them or provide a fix.
It seems that as Zoom gains popularity amid the COVID-19 pandemic, issues with the platform are coming to the surface. A recent Vice report says that Zoom is leaking users’ email addresses and photos and giving strangers the ability to start a video call with them.
Last week, another Vice report noted that Zoom was sending analytics data to Facebook. The platform then had to update its iOS app in response to the issue. Lawmakers in the U.S. have asked the platform to implement security measures as its popularity continues to surge.