Time to upgrade! Get an iPhone 12 mini + Unlimited Data for $60/mo

  • Forums
  • Shop
  • CES 2021
  • iPhone 12
  • Best VPN
  • iOS 14
  • Nintendo Switch
  • AirPods Pro
Uh oh

Zoom's pre-installation script workaround in macOS 'very shady'

"This is not strictly malicious but very shady and definitely leaves a bitter aftertaste."
Stephen Warwick
31 Mar 2020

Zoom InstallationSource: @c1truz

What you need to know

  • A malware expert has revealed that video-conferencing app Zoom has "very shady" installation protocols.
  • Zoom uses preinstallation scripts to bypass macOS security.
  • The finder notes that it's the same trick being used by macOS malware.

In another damning indictment on Zoom's privacy and security practices, a malware expert has revealed that Zoom's macOS installation protocol is "very shady".

In a tweet posted March 30, Twitter user @c1truz_ stated:

Ever wondered how the @zoom_us macOS installer does it's job without you ever clicking install? Turns out they (ab)use preinstallation scripts, manually unpack the app using a bundled 7zip and install it to /Applications if the current user is in the admin group (no root needed).

This is not strictly malicious but very shady and definitely leaves a bitter aftertaste. The application is installed without the user giving his final consent and a highly misleading prompt is used to gain root privileges. The same tricks that are being used by macOS malware.

Ever wondered how the @zoom_us macOS installer does it’s job without you ever clicking install? Turns out they (ab)use preinstallation scripts, manually unpack the app using a bundled 7zip and install it to /Applications if the current user is in the admin group (no root needed). pic.twitter.com/qgQ1XdU11M

— Felix (@c1truz_) March 30, 2020

The revelation is another mark of Zoom's apparently lax privacy and security practices. The app has risen to prominence following global lockdown and social-distancing measures that have forced many organizations to resort to remote working. Last week it emerged that Zoom was sending data to Facebook even if users didn't have a Facebook account, a problem that has now been fixed.

More recently, it emerged that Zoom calls are not end-to-end encrypted despite claims to the contrary. From that report:

In several instances within Zoom's security white paper, it mentions E2E encryption, and when you enable E2E, you can hover over the green padlock in the top left corner of a meeting and see the popup "Zoom is using an end to end encrypted connection." However, The Intercept claims that when it reached out to Zoom for comment a spokesperson stated:

"Currently, it is not possible to enable E2E encryption for Zoom video meetings. Zoom video meetings use a combination of TCP and UDP. TCP connections are made using TLS and UDP connections are encrypted with AES using a key negotiated over a TLS connection."

Apple launches new Podcasts Spotlight, 'Celebrity Book Club' first feature
Spotlight

Apple launches new Podcasts Spotlight, 'Celebrity Book Club' first feature

Apple has today launched a new Podcasts Spotlight feature, a new editorial initiative designed to help listeners find some of the best shows out there.

Facebook delays controversial WhatsApp privacy changes
on hold

Facebook delays controversial WhatsApp privacy changes

Facebook has delayed enforcement of changes to its WhatsApp privacy policy following major public backlash and massive uptake of rival services like Signal and Telegram.

Snapchat testing dark mode on iPhone
Finally

Snapchat testing dark mode on iPhone

A new report says Snapchat is testing dark mode for iOS and the iPhone with a small number of exclusive users.

Great video editing software for your Mac
Video besties

Great video editing software for your Mac

You don't need to buy expensive video-editing software to get the job done. Here are some of the hottest video-editing software for Mac on the market today.

Keep in Touch

Sign up now to get the latest news, deals & more from iMore!

I would like to receive news and offers from other Future brands.

I would like to receive mail from Future partners.

No spam, we promise. You can unsubscribe at any time and we'll never share your details without your permission.

  • News
  • apps
  • iPhone
  • iPad
  • Apple Watch
  • Apple TV
  • Mac
  • Reviews
  • How To
  • HomeKit
  • Forums

Other Categories

  • About Us
  • Newsletter
  • Fitness
  • Apps
  • Gaming
  • Deals
  • Advertising Inquiries
  • Licensing and Reprints
  • Accessibility Statement
  • Android Central
  • Windows Central
  • CrackBerry
  • Thrifter
  • TechnoBuffalo
  • MrMobile
Log in or Sign up
  • t
  • f
  • y
  • i
  • r

Brightness

  • © Future US, Inc.
  • Terms & Conditions
  • Privacy Policy
  • Cookie Policy
  • Careers
  • Licensing
  • External Links Disclosure
  • Accessibility Statement
  • © Future US, Inc.
  • Terms & Conditions
  • Privacy Policy
  • Cookie Policy
  • Careers
  • Licensing
  • External Links Disclosure
  • Accessibility Statement