Zoom macOS app quietly added back cs.disable-library-validation entitlement
by nuker on Hacker News.
So the CVE-2020-11470 is back. “This effectively disables code signature verification for its dynamic libraries and enables a code injection attack that Wardle calls “dylib proxying”. It’s not clear why Zoom uses this exception since its own libraries appear to be properly signed.” https://ift.tt/QEM9OnF Check latest pkg with Suspicious Package [0] analyzer. [0] https://ift.tt/yUwaQbL