Felix

@c1truz_

Technical Lead at @vmray, focused on macOS. Opinions are my cat's.

Bochum, Germany
Joined May 2008

    Felix‏ @c1truz_ Mar 30

    Ever wondered how the @zoom_us macOS installer does its job without you ever clicking install? Turns out they (ab)use preinstallation scripts, manually unpack the app using a bundled 7zip and install it to /Applications if the current user is in the admin group (no root needed). pic.twitter.com/qgQ1XdU11M

    2:26 PM - 30 Mar 2020
    213 replies 4,102 retweets 8,559 likes
      1. New conversation
      2. Felix‏ @c1truz_ Mar 30

        If the App is already installed but the current user is not admin, they use a helper tool called “zoomAutenticationTool” and the AuthorizationExecuteWithPrivileges API to spawn a password prompt identifying as “System” (!!) to gain root (including a typo). pic.twitter.com/gp9DVCoVCm

        24 replies 475 retweets 1,770 likes
        Show this thread
      3. Felix‏ @c1truz_ Mar 30

        This is not strictly malicious but very shady and definitely leaves a bitter aftertaste. The application is installed without the user giving his final consent and a highly misleading prompt is used to gain root privileges. The same tricks that are being used by macOS malware.

        20 replies 290 retweets 2,173 likes
        Show this thread
      4. Felix‏ @c1truz_ Mar 30

        Felix Retweeted Thomas Reed

        See also @thomasareed https://twitter.com/thomasareed/status/1244710295563632640 …

        Felix added,

        Thomas Reed @thomasareed
        Replying to @Agent_BGC @HardSoftnFloppy and 2 others
        Sure, there’s no doubt Zoom gives a good experience, on the surface. Under the hood, though, I had Zoom repeatedly float to the surface when teaching a workshop on how to identify suspicious behavior while doing malware hunting on macOS.
        13 replies 72 retweets 663 likes
        Show this thread
      5. Felix‏ @c1truz_ Apr 1

        I just published a more detailed blog post about this issue, giving some context and summarizing the security implications https://www.vmray.com/cyber-security-blog/zoom-macos-installer-analysis-good-apps-behaving-badly/ …

        4 replies 49 retweets 150 likes
        Show this thread
      6. Felix‏ @c1truz_ Apr 2

        Felix Retweeted Felix

        Zoom released an update which fixed the issues I found https://twitter.com/c1truz_/status/1245767226499764225 …

        Felix added,

        Felix @c1truz_
        Zoom just released an update for the macOS installer which completely removes the questionable "preinstall"-technique and the faked password prompt. I must say that I am impressed. That was a swift and comprehensive reaction. Good work, @zoom_us! pic.twitter.com/vau556TyAa
        Show this thread
        2 replies 10 retweets 50 likes
        Show this thread
      7. End of conversation
      1. New conversation
      2. Cabel‏Verified account @cabel Mar 31
        Replying to @c1truz_ @steipete

        Cabel Retweeted Cabel

        Oh man we had the same thoughts today. You might appreciate this little detail too: https://twitter.com/cabel/status/1244788931427622912?s=21 … https://twitter.com/cabel/status/1244788931427622912 …

        Cabel added,

        CabelVerified account @cabel
        One thing that freaks me out about Zoom is that there are no Retina images on first launch, but later they just kind of… appear. I do wonder if they're not there in the first place because of this "Reitna" typo pic.twitter.com/DpAID5aG3g
        Show this thread
        2 replies 22 retweets 266 likes
      3. The Universe Knowing Itself‏ @fakecarlsagan Mar 31
        Replying to @cabel @c1truz_ @steipete

        From what I can tell, this insane packaging technique has been used for at least a year. I find it somewhat hilarious how many people discovered it at the same time I did.

        1 reply 4 retweets 86 likes
      4. 9 more replies
      1. New conversation
      2. Maxwell‏ @mxswd Mar 30
        Replying to @c1truz_ @patrickwardle @zoom_us

        that’s naughty. The install to /applications part isn’t very special though, non admin users can install to /applications right (or maybe just through MAS?)? (and then can’t delete the app)

        2 replies 0 retweets 11 likes
      3. Felix‏ @c1truz_ Mar 30
        Replying to @mxswd @patrickwardle @zoom_us

        No, you will get an authentication prompt if you try to modify /Applications as non-admin. Not sure about MAS atm

        2 replies 1 retweet 13 likes
      4. 1 more reply
      1. New conversation
      2. Eric S. Yuan‏Verified account @ericsyuan Mar 31
        Replying to @c1truz_ @zoom_us

        Thank you for your feedback! We implemented to balance the number of clicks given the limitations of the standard technology. To join a meeting from a Mac is not easy, that is why this method is used by Zoom and others. Your point is well taken and we will continue to improve.

        34 replies 9 retweets 138 likes
      3.  👨‍💻 𝙱𝚕𝚊𝚔𝚎 𝚆𝚊𝚕𝚜𝚑  🐶‏ @b_t_walsh Mar 31
        Replying to @ericsyuan @c1truz_ @zoom_us

        honest question: why not just distribute through the Mac App Store? (same goes for the Windows equivalent) people are increasingly learning not to trust "non store based" installers, and that's a good thing

        3 replies 3 retweets 93 likes
      4. 2 more replies
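
A defender-side check for the installer pattern described in this thread, as an added example that is not part of the original tweets or of any vendor's code: it scans a package that has already been expanded with `pkgutil --expand` for preinstall/postinstall scripts that unpack an archive and copy into /Applications. The rule set, the function names and the sample script are assumptions constructed for this illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristics picked for this example (assumptions, not a complete rule set).
RULES = {
    "writes-to-/Applications": re.compile(r"\b(cp|mv|ditto|rsync)\b[^\n]*\s/Applications\b"),
    "unpacks-bundled-archive": re.compile(r"(?:^|[\s/])(7z\w*|unzip|tar)\s", re.M),
    "checks-admin-group": re.compile(r"\b(id|groups|dseditgroup)\b[^\n]*\badmin\b"),
}

# Constructed sample script for the demo; not the vendor's actual script.
SAMPLE_PREINSTALL = """#!/bin/bash
./7zz x -y app.7z -o"$TMPDIR/unpacked"
if id -Gn "$USER" | grep -qw admin; then
  cp -R "$TMPDIR/unpacked/Example.app" /Applications/
fi
"""

def script_findings(text):
    """Names of the rules that match the non-comment lines of a script."""
    code = "\n".join(ln for ln in text.splitlines() if not ln.lstrip().startswith("#"))
    return sorted(name for name, rx in RULES.items() if rx.search(code))

def audit_expanded_pkg(root):
    """Map each preinstall/postinstall script under root to its findings."""
    return {
        p.relative_to(root).as_posix(): script_findings(p.read_text(errors="replace"))
        for p in sorted(Path(root).rglob("*"))
        if p.is_file() and p.name in ("preinstall", "postinstall")
    }

def self_installing(report):
    """Preinstall scripts that both unpack an archive and write to /Applications."""
    need = {"unpacks-bundled-archive", "writes-to-/Applications"}
    return [path for path, hits in report.items()
            if path.endswith("/preinstall") and need <= set(hits)]

def build_sample(root):
    """Create a constructed, already-expanded package tree under root."""
    for rel, body in (("Example.pkg/Scripts/preinstall", SAMPLE_PREINSTALL),
                      ("Other.pkg/Scripts/postinstall", "#!/bin/sh\necho done\n")):
        path = Path(root, rel)
        path.parent.mkdir(parents=True)
        path.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(self_installing(audit_expanded_pkg(tmp)))
```

Point `audit_expanded_pkg` at the output directory of `pkgutil --expand` to review a real package before running it; a hit means the script deserves a manual read, not that the package is malicious.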
