A cybersecurity expert has published striking research on the video conferencing application Zoom, which has been in the news lately. After examining the application's macOS installation files, the expert said that Zoom installs itself as soon as the compressed files are opened.
The coronavirus epidemic, which emerged in Wuhan, China and affected the whole world, has upended the general order of the world. So much so that people have not left their homes for a long time and cannot spend time with their loved ones or friends. In addition, the business world has been hit hard by the virus, and many companies that were able to do so have switched to working from home.
The fact that employees started to carry out their daily work from home also increased interest in video conferencing applications, because people needed such tools to stay in contact with their colleagues. In this context, Zoom, one of the most popular of these applications, is in the news over a very interesting issue.
The person responsible for the macOS unit at VMRay, a Germany-based cybersecurity company, puzzled users with statements he made on Twitter. The researcher, named Felix, found that the installation files Zoom prepared for macOS ran some startup routines regardless of the user's approval. Felix, who examined Zoom's code, also shared screenshots that supported his claims.
According to Felix's claims, the download folder prepared by Zoom for macOS starts working immediately by means of some startup scripts. This means that when a macOS user downloads the download folder offered by Zoom and runs it via zip, it immediately starts loading some files. If the user who opens this folder has an administrator account, Zoom is automatically installed in the folders.
Another interesting claim from Felix concerns users who do not have an administrator account. For example, if a guest user installs this application on macOS, Zoom uses two auxiliary tools called "zoomAutenticationTool" and "AuthorizationExecuteWithPrivileges", thereby granting the application access to root files.
Felix states that this is not intentional, but that Zoom uses a method like this because it is installed without the user's consent and the necessary permissions cannot be obtained. He adds that this method is in fact favored by hackers who develop malware for macOS.