> funky stuff in the ground to bypass a lot of the usual install friction. Once it was discovered, Zoom's installation process became a little bit slower.
Why couldn't they keep it even after it was discovered?
I mean, they could have but it was in the press due to the installer operating as root to bypass the regular protections so it was damaging from a PR perspective
> Zoom uses the API to execute a bash script called runwithroot which is unpacked by the installer in a user-writable temporary directory. This means that any local application, including malware, could monitor the Zoom installation process, rewrite this script on the fly and add malicious code to it. This would allow it to take full control of the system.
https://www.csoonline.com/article/3535789/weakness-in-zoom-f...
> Zoom uses the API to execute a bash script called runwithroot which is unpacked by the installer in a user-writable temporary directory. This means that any local application, including malware, could monitor the Zoom installation process, rewrite this script on the fly and add malicious code to it. This would allow it to take full control of the system.