Zoom for Mac Entitlements

Zoom for macOS versions before v4.6.9 shipped with a very dodgy installer, detailed extensively by Patrick Wardle and by Felix Seele.

The app itself had entitlements to circumvent the hardened runtime on the Mac:

[Screenshot: Zoom entitlements]

Per Patrick:

However the com.apple.security.cs.disable-library-validation entitlement is interesting. In short it tells macOS, “hey, yah I still (kinda?) want the “Hardened Runtime”, but please allow any libraries to be loaded into my address space” …in other words, library injections are a go!

Zoom responded fairly quickly with an update:

  • Resolved an issue where a malicious party with local access could tamper with the Zoom installer to gain additional privileges to the computer
  • Resolved an issue where a malicious party with local access could gain access to a user’s webcam and microphone

So now let’s check the entitlements again:

[Screenshot: Zoom entitlements]

com.apple.security.cs.disable-library-validation is gone, which closes the library-injection hole.
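
The same before/after check can be scripted instead of read off a screenshot. This is an added example, not code from the original post or from Zoom: it assumes the entitlements plist was dumped with `codesign -d --entitlements :- <app path>`, and the two sample plists are constructed for illustration, not Zoom's actual entitlements.

```python
import plistlib

# Hardened-runtime exception entitlements (Apple-documented keys) and what each relaxes.
RUNTIME_EXCEPTIONS = {
    "com.apple.security.cs.disable-library-validation":
        "loads libraries not signed by Apple or with the app's Team ID",
    "com.apple.security.cs.allow-dyld-environment-variables":
        "honours DYLD_* environment variables",
    "com.apple.security.cs.allow-unsigned-executable-memory":
        "allows writable and executable memory without MAP_JIT",
    "com.apple.security.cs.disable-executable-page-protection":
        "disables code-signing protection of executable pages",
}


def runtime_exceptions(plist_bytes):
    """Return {entitlement: meaning} for exceptions that are actually enabled."""
    if not plist_bytes.strip():
        return {}  # an empty dump means the binary carries no entitlements
    ents = plistlib.loads(plist_bytes)
    # A key that is present but set to false does not grant the exception.
    return {k: v for k, v in RUNTIME_EXCEPTIONS.items() if ents.get(k) is True}


def removed_exceptions(before, after):
    """Exceptions enabled in the old build that the new build no longer has."""
    return sorted(set(runtime_exceptions(before)) - set(runtime_exceptions(after)))


# Constructed samples: an "old" build with library validation disabled, and a
# "new" build that keeps only camera and microphone access.
DEVICE_ACCESS = {
    "com.apple.security.device.camera": True,
    "com.apple.security.device.audio-input": True,
}
BEFORE = plistlib.dumps(
    {"com.apple.security.cs.disable-library-validation": True, **DEVICE_ACCESS}
)
AFTER = plistlib.dumps(DEVICE_ACCESS)

if __name__ == "__main__":
    for key, meaning in runtime_exceptions(BEFORE).items():
        print(f"old build: {key} ({meaning})")
    print("removed by update:", removed_exceptions(BEFORE, AFTER))
    print("still enabled:", sorted(runtime_exceptions(AFTER)) or "none")
```

Running it against the dump from every app update shows whether an exception has been reintroduced.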

I still don’t trust it, so I will be checking out alternatives.