ZOOM曝出大BUG 可获得系统源访问权官方紧急修复

CNMO

16 Aug 2022

近日，疫情期间大火的视频会议软件ZOOM更新修复了一个BUG，该BUG可能会让恶意程序提升自身的安装能力，进而提高权限并控制系统。ZOOM这个BUG是由非营利Mac OS安全组织Objective-See基金会（Objective-See Foundation）的创始人Patrick Wardle首先发现的。Wardle在上周Def Con大会上介绍了ZOOM在安装或卸载时要求用户输入密码，而后在...

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

1
2
3
4
5
6
7
8
9
10

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2259889250"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2259889250\",edition:\"fundamental\",,,undefined,":{"share":"https://ttm.financial/m/news/2259889250?lang=en_US&edition=fundamental","thumbnail":"","is_english":false,"pubTime":"2022-08-16 14:18","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2259889250","market":"hk","top_or_hot":-1,"title":"ZOOM曝出大BUG 可获得系统源访问权 官方紧急修复","media":"CNMO","content":"<div>\n<p>近日，疫情期间大火的视频会议软件ZOOM更新修复了一个BUG，该BUG可能会让恶意程序提升自身的安装能力，进而提高权限并控制系统。ZOOM这个BUG是由非营利Mac OS安全组织Objective-See基金会（Objective-See Foundation）的创始人Patrick Wardle首先发现的。Wardle在上周Def Con大会上介绍了ZOOM在安装或卸载时要求用户输入密码，而后在...</p>\n\n<a href=\"https://cj.sina.cn/article/normal_detail?url=https://finance.sina.com.cn/tech/2022-08-16/doc-imizirav8383606.shtml\">Source Link</a>\n\n</div>\n","source":"sina_symbol","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>ZOOM曝出大BUG 可获得系统源访问权 官方紧急修复</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\nZOOM曝出大BUG 可获得系统源访问权 官方紧急修复\n</h2>\n\n<h4 class=\"meta\">\n\n\n2022-08-16 14:18 北京时间&nbsp;&nbsp;&nbsp;<a href=https://cj.sina.cn/article/normal_detail?url=https://finance.sina.com.cn/tech/2022-08-16/doc-imizirav8383606.shtml><strong>CNMO</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>近日，疫情期间大火的视频会议软件ZOOM更新修复了一个BUG，该BUG可能会让恶意程序提升自身的安装能力，进而提高权限并控制系统。ZOOM这个BUG是由非营利Mac OS安全组织Objective-See基金会（Objective-See Foundation）的创始人Patrick Wardle首先发现的。Wardle在上周Def Con大会上介绍了ZOOM在安装或卸载时要求用户输入密码，而后在...</p>\n\n<a href=\"https://cj.sina.cn/article/normal_detail?url=https://finance.sina.com.cn/tech/2022-08-16/doc-imizirav8383606.shtml\">Source Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"BK4505","symbol_name":"高瓴资本持仓","start_time":0,"source_url":"https://cj.sina.cn/article/normal_detail?url=https://finance.sina.com.cn/tech/2022-08-16/doc-imizirav8383606.shtml","article_id":"2259889250","we_media_id":null,"thumbnails":[],"rights":{"source":"sina_symbol","url":"https://cj.sina.cn/article/normal_detail?url=https://finance.sina.com.cn/tech/2022-08-16/doc-imizirav8383606.shtml","rn_cache_url":null,"customStyle":"body{padding-top:10px;}.title{#titleStyle#}a{#lv2TextColor#}.extra-info, .source{#sourceStyle#;}","selectors":".module-article, article","filters":"header, .voice2, .tags, #norm_qrcode_link_auto, .unfold-box, .action","directOrigin":true},"url":"https://stock-news.laohu8.com/highlight/detail?id=2259889250","pubTimestamp":1660630702,"columns":[],"sourceInfo":{"source_id":"sina_symbol","name":"新浪媒体新闻"},"weMediaInfo":null,"summary":"近日，疫情期间大火的视频会议软件ZOOM更新修复了一个BUG，该BUG可能会让恶意程序提升自身的安装能力，进而提高权限并控制系统。虽然这本身非常安全，因为只有通过官方签名的ZOOM客户端，可以提取root权限。Wardle在演讲前向ZOOM透露了他的发现，BUG在一定程度上得到了解决，但在Wardle周六演讲时，一些问题依旧没能得到解决。不过，ZOOM在当天晚些时候发布了安全公告，随后很快发布了ZOOM 5.11.5版本的补丁以解决BUG。","collect":0,"end_time":0,"defaultTopTitle":"sina.cn","property":[],"viewcount":null,"language":"zh","relate_stocks":{"BK4505":"高瓴资本持仓","BK4528":"SaaS概念","BUG":"Global X Cybersecurity ETF","BK4023":"应用软件","BK4525":"远程办公概念","BK4535":"淡马锡持仓","BK4554":"元宇宙及AR概念","BK4532":"文艺复兴科技持仓","BK4551":"寇图资本持仓","BK4548":"巴美列捷福持仓","ZM":"Zoom"},"translate_title":"ZOOM exposes a big BUG and can obtain official emergency repair of system source access rights","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"BUG":1,"ZM":1,"ZOOM":1},"content_text":"近日，疫情期间大火的视频会议软件ZOOM更新修复了一个BUG，该BUG可能会让恶意程序提升自身的安装能力，进而提高权限并控制系统。ZOOM这个BUG是由非营利Mac OS安全组织Objective-See基金会（Objective-See Foundation）的创始人Patrick Wardle首先发现的。Wardle在上周Def Con大会上介绍了ZOOM在安装或卸载时要求用户输入密码，而后在启用了默认的自动更新功能后，就不需要输入密码了。Wardle通过这一点发现ZOOM的更新程序会root机器。虽然这本身非常安全，因为只有通过官方签名的ZOOM客户端，可以提取root权限。可问题是，在自动安装程序对软件包的验证和实际安装过程之间有一个时间点，允许攻击者在更新中注入恶意代码。这意味着一些“有心人”在这期间可以用恶意代码获得对目标计算机的控制。Wardle在演讲前向ZOOM透露了他的发现，BUG在一定程度上得到了解决，但在Wardle周六演讲时，一些问题依旧没能得到解决。不过，ZOOM在当天晚些时候发布了安全公告，随后很快发布了ZOOM 5.11.5版本（9788）的补丁以解决BUG。","kind":"news","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":false,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"symbols":[],"gpt_button":1,"code":"91000000","status":"200"}}}