(twitter.com)

796 points _Microft | 1 comments | 31 Mar 20 11:41 UTC | HN request time: 0.209s | source

Show context

factorialboy ◴[31 Mar 20 12:55 UTC] No.22737012[source]▶

Why isn't this categorized a major Mac OS vulnerability? If Zoom abuses preinstall scripts, what's to say others aren't.

replies(3): >>22737104 #>>22738160 #>>22738324 #

lonelappde ◴[31 Mar 20 15:02 UTC] No.22738160[source]▶

>>22737012 #

It's not a vulnerability, as the dialog says "run a program" and prompts for confirmation.

It's up to the user's imagination to consider what a program can do.

The prompt is terribly worded though.

replies(1): >>22747139 #

1. ddebernardy ◴[01 Apr 20 09:53 UTC] No.22747139[source]▶

>>22738160 #

It seems macOS could use virtualization or permissions to run these scripts in some throw away environment to get rid of the problem altogether. Preflight check programs shouldn't be able to write anything to disk.

↑

How the Zoom macOS installer does its job without you clicking ‘install’