←back to thread

How the Zoom macOS installer does its job without you clicking ‘install’

(twitter.com)
796 points _Microft | 5 comments | 31 Mar 20 11:41 UTC | HN request time: 1.241s | source
1. factorialboy ◴[31 Mar 20 12:55 UTC] No.22737012[source]
Why isn't this categorized a major Mac OS vulnerability? If Zoom abuses preinstall scripts, what's to say others aren't.
replies(3): >>22737104 #>>22738160 #>>22738324 #
2. scumbert ◴[31 Mar 20 13:08 UTC] No.22737104[source]
Underrated take. They shouldn't be able to do this. This should flag Zoom as PUP for malware removal, if it weren't the new go-to.
3. lonelappde ◴[31 Mar 20 15:02 UTC] No.22738160[source]
It's not a vulnerability, as the dialog says "run a program" and prompts for confirmation.

It's up to the user's imagination to consider what a program can do.

The prompt is terribly worded though.

replies(1): >>22747139 #
4. ◴[31 Mar 20 15:18 UTC] No.22738324[source]
5. ddebernardy ◴[01 Apr 20 09:53 UTC] No.22747139[source]
It seems macOS could use virtualization or permissions to run these scripts in some throw away environment to get rid of the problem altogether. Preflight check programs shouldn't be able to write anything to disk.