You’re <strike>Muted</strike>Rooted

Presented at DEF CON 30 (2022), Aug. 12, 2022, 1 p.m. (45 minutes)

With a recent market cap of over $100 billion and the genericization of its name, the popularity of Zoom is undeniable. But what about its security? This imperative question is often quite personal, as who amongst us isn't jumping on weekly (daily?) Zoom calls?

In this talk, we’ll explore Zoom’s macOS application to uncover several critical security flaws. Flaws, that provided a local unprivileged attacker a direct and reliable path to root.

The first flaw, presents itself subtly in a core cryptographic validation routine, while the second is due to a nuanced trust issue between Zoom’s client and its privileged helper component.

After detailing both root cause analysis and full exploitation of these flaws, we’ll end the talk by showing how such issues could be avoided …both by Zoom, but also in other macOS applications.

Presenters:

• Patrick Wardle - Founder, Objective-See Foundation
  Patrick Wardle is the creator of the non-profit Objective-See Foundation, author of the “The Art of Mac Malware” book series, and founder of the “Objective by the Sea” macOS Security conference. Having worked at NASA and the NSA, as well as presenting at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware, and writing free open-source security tools to protect Mac users.

Links:

• https://forum.defcon.org/node/241830

Similar Presentations:

• Black Hat USA 2022 / XMPP Stanza Smuggling or How I Hacked Zoom
• May Contain Hackers (MCH2022) / Hacking the pandemic's most popular software: Zoom
• REcon 2022 / Zooming in on Zero-click Exploits