via appleinsider
Increased usage of video conferencing app and service Zoom during the coronavirus outbreak is leading to more security issues being uncovered. As well as previously sending user data to Facebook, which it says it has fixed, it has now been accused of two separate security issues.
Twitter user @c1truz_, technical lead for malware tracker VMRay, reports that Zoom’s Mac app installer uses preinstallation scripts and allegedly displays a faked macOS system message.
“This is not strictly malicious, but very shady and definitely leaves a bitter aftertaste,” continues @c1truz_, “The application is installed without the user giving his [or her] final consent and a highly misleading prompt is used to gain root privileges.”
“[These are the] same tricks that are being used by macOS malware,” he concludes.
Zoom’s product development team is largely located in …wait for it… China.
h/t SG