You just reported a major security vulnerability in the Zoom platform. Now the CEO of Zoom wants to chat…via Zoom. What do you do? Security researcher Patrick Wardle of Jamf joins us to talk about it, his recent Zoom 0day, the state of Mac (in)security and his hot date in Moscow.
You just made headlines around the world for discovering and disclosing a major security vulnerability in the Zoom platform. Now the CEO of Zoom wants to chat…via Zoom. What do you do?
That was the position our guest this week found himself in. Patrick Wardle is a Principle Security Researcher at the firm JAMF. In April, he made headlines for disclosing a zero day vulnerability in the Zoom client – one that could have been used by an attacker to escalate their privileges on a compromised machines. That earned him a conversation with Zoom’s CEO that took place – to Wardle’s dismay – via Zoom.
Wardle is a former NSA hacker who is even better known as one of the premiere authorities on the security of Apple devices including its iOS and OS X operating systems. He’s also the founder of Objective See, an open source community that has produced a wide range of security and monitoring tools for the Mac operating system.
Patrick joined us in the Security Ledger Studio to talk about his work exploring the security of Apple’s software and his recent analysis of the Zoom client. Along the way, we ask Patrick whether Zoom is really less secure than other web conferencing applications, hear his thoughts on the latest threat trends for Mac users and we hear about how a hot date in Moscow gave birth to a Mac security monitoring tool.
To start off, I asked Patrick to talk a bit about himself and his work at Jamf. Check out our full conversation above.
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.