←back to thread

How the Zoom macOS installer does its job without you clicking ‘install’

(twitter.com)
796 points _Microft | 2 comments | 31 Mar 20 11:41 UTC | HN request time: 0.001s | source
Show context
lultimouomo ◴[31 Mar 20 12:08 UTC] No.22736730[source]
I think this also shows how macOS has been training users to enter their password in random dialogs that have absolutely nothing that identifies them as being legit OS dialogs. The dialog that Zoom uses could very well be sending the credentials to a remote server, and the user would be none the wiser.
replies(2): >>22736941 #>>22742904 #
Wowfunhappy ◴[31 Mar 20 12:44 UTC] No.22736941[source]
Note that in this case, it's still a legit OS dialog. Preflight scripts are very much built into the macOS pkg format, they're just not intended to be used like this.
replies(4): >>22737018 #>>22737061 #>>22738118 #>>22741908 #
lonelappde ◴[31 Mar 20 14:57 UTC] No.22738118[source]
Incorrect. Look at the second tweet in the thread. It's a phishing popup that misidentifies itself in order to steal priveleges intended for System, not Zoom.

https://mobile.twitter.com/c1truz_/status/124473767519161958...

replies(1): >>22738224 #
1. Wowfunhappy ◴[31 Mar 20 15:08 UTC] No.22738224[source]
That's still an OS prompt, they just put their own message at the top, as you're allowed to do.
replies(1): >>22741551 #
2. joshuaissac ◴[31 Mar 20 19:35 UTC] No.22741551[source]
Yes, they are allowed to put a fake message (identifying the requester as System instead of Zoom), but that does not make it OK.