Zoom patches ‘malware-like’ macOS installer with latest update

Zoom is seeing a surge in popularity right now due to the ongoing global coronavirus pandemic, which is forcing a lot of work-from-home situations crop up.

But, with a lot more users suddenly using the service, there has been a lot more attention applied to the video conferencing service. In some instances the company can work out patches to fix discovered issues pretty quickly, and luckily this is one of those cases. As reported on Thursday by The Verge, Zoom has quickly patched its software to fix its macOS installer, which has been described as using “the same tricks that are being used by macOS malware”, which effectively bypasses Apple’s OS restrictions.

According to software engineer Felix Seele, who discovered the issue earlier this week, the Zoom app was being installed without obtaining final consent by the end user through a misleading prompt that automates the installation process. The discovery ultimately led to Zoom’s CEO, Eric S. Yuan, to tweet out a response on the matter earlier this week:

The update to the Zoom macOS app changes the method of installation entirely, now requiring direct, final consent by the end user to finish the installation process. According to Seele, that move was a bit unexpected:

They completely removed the preinstall stuff, so you now need to click through the installer as it ought to be,” explains Seele in a message to The Verge. The fake prompt has also been removed so users have to specifically click through and install Zoom. “I must say that I am impressed,” says Seele. “I expected them to maybe change the dialog, but since the ‘zero-click’ aspect was so important to them, I thought they would stick with the preinstall-trick.

This is a quick turnaround on a fix, just three days after it was made public and two days after Zoom’s CEO weighed in on the matter. The change is a good one, though, and gives users more control over the Zoom app’s installation. But this isn’t the only issue Zoom is facing, especially not on Macs.

Earlier this week we reported that a pair of new bugs can not only give an attacker full root access to a Mac, but also allow them to take over the computer’s webcam, microphone, and let them record the screen as well. And last year we reported that Zoom had a major vulnerability that would allow an attacker to gain access to a Mac’s webcam. Zoom had to issue an update to fix the problem, but so did Apple because the installation of the Zoom app on a Mac installed the web server as well. So even if the Zoom app was uninstalled after the fact, the vulnerability was still present.

With this latest case, though, it’s good to see a quick turnaround on the patch. Are you using Zoom more these days?