According to this article posted yesterday on Ars Technica, there is a major security hole in Zoom for the Mac. Zoom issued a security bulletin on Saturday. The article suggests that you should download the update directly from Zoom or click on your menu bar options to “Check for updates” rather than waiting for the auto-update, although if you’ve already updated since Saturday you’re probably ok.

The article goes into more detail; tl;dr is that Zoom’s installer is owned by and runs as root, and has a major bug that allows unsigned updates to be installed.

Resources