While the platform also provided automatic updates before this to enterprise users, this update "expands the intended audience to include all individual desktop client users who are not members of an enterprise organization.
However, regardless of the chosen update channel, critical Zoom client security updates will automatically roll out to all users with automatic updates enabled. The latest features and updates will be installed as soon as they're available when choosing the Fast update channel. Zoom users will be able to switch between Slow and Fast update frequencies, with less frequent updates and a focus on maximizing stability when the Slow option is selected. "Users can also change this preference at any time by checking or unchecking 'Automatically keep my Zoom up to date' under Zoom > Settings > General." When enabled, users will have the opportunity to opt-out of automatic updates for their desktop client after the first install or first update where this feature is present," said Jeromie Clark, Security & Privacy Technical Product Manager at Zoom. "For most individual users, automatic updates will be enabled by default. Zoom says that mobile device users can also keep their apps automatically updated through their respective app stores' built-in automated updaters. The new feature is currently available only for desktop Zoom clients on Windows and macOS, with the Linux platform not currently supported. In April 2020, when pandemic remote working led to a 500% increase in daily traffic to the Zoom download page, some critics said the company’s software was “a privacy disaster” and even malware.Zoom has announced today the launch of an automatic update feature designed to streamline the update process for desktop clients. It is not the first time Zoom’s focus on frictionless use has led to a security hole. Normally, the company tries to ensure that is safe by limiting the installer to only operate on code that has been cryptographically signed by Zoom, but the bug discovered by Wardle means that an attacker could trivially bypass that protection and convince the installer to load and run any malware they want. In order to make the user journey simpler, the installer continues to run in the background from the moment a user first installs zoom, and does so with “superuser” privileges, allowing it to change anything about the computer. Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, chat, and webinars across mobile, desktop, and room systems. It targets the Zoom installer, which the company uses to enable frictionless automatic updates.
Discovered by an independent security researcher, Patrick Wardle – whose brother Jeremy invented the popular game Wordle – the vulnerability was first presented at the Def Con hacking conference in Las Vegas last week.
0 kommentar(er)
