DEF CON Forum Site Header Art


No announcement yet.

Patrick Wardle - You’re <s>Muted</s> Rooted

  • Filter
  • Time
  • Show
Clear All
new posts

  • Patrick Wardle - You’re <s>Muted</s> Rooted

    Patrick Wardle - You’re Muted Rooted

    Patrick Wardle, Founder, Objective-See Foundation, he/him

    Presentation Title: You’re Muted Rooted Exploiting Zoom on macOS

    Length of presentation: 45 minutes

    Demo, Tool, Exploit

    With a recent market cap of over $100 billion and the genericization of its name, the popularity of Zoom is undeniable. But what about its security? This imperative question is often quite personal, as who amongst us isn't jumping on weekly (daily?) Zoom calls?

    In this talk, we’ll explore Zoom’s macOS application to uncover several critical security flaws. Flaws, that provided a local unprivileged attacker a direct and reliable path to root.

    The first flaw, presents itself subtly in a core cryptographic validation routine, while the second is due to a nuanced trust issue between Zoom’s client and its privileged helper component.

    After detailing both root cause analysis and full exploitation of these flaws, we’ll end the talk by showing how such issues could be avoided …both by Zoom, but also in other macOS applications.


    Patrick Wardle is the creator of the non-profit Objective-See Foundation, author of the “The Art of Mac Malware” book series, and founder of the “Objective by the Sea” macOS Security conference.

    Having worked at NASA and the NSA, as well as presenting at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy.

    Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware, and writing free open-source security tools to protect Mac users.


    The 'S' in Zoom, Stands for Security

    uncovering (local) security flaws in Zoom's latest macOS client


    Note: This is (just) my previous research on Zoom. Both bugs in this talk are brand new.

    Last edited by number6; June 26, 2022, 12:15.