Certification Authority Apple Root CA.pkg“), this check could be bypassed. ![]() The problem is that by simply passing the verification checker the name of the package it was looking for (“ Zoom Video. ![]() It seemed secure, as only Zoom clients could connect to the privileged daemon, and only packages signed by Zoom could be extracted. Enlarge / The gist of how Zoom’s auto-update utility allows for privilege escalation exploits, from Patrick Wardle’s Def Con talk.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |