![]() One of the most jarring aspects of this vulnerability is that it works even if you have uninstalled the Zoom app:Īdditionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. We tested the vulnerability using a link in Leitschuh’s Medium post and were immediately connected to a Zoom conference call with our Mac’s camera enabled. ![]() Thus, any website is able to “forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission.” If you simply click a link, you’ll automatically join a Zoom conference call with your camera enabled, even if you no longer have the Zoom app installed. ![]() It’s that web server that is seemingly causing this vulnerability.Įssentially, the Zoom web server is running as a background process. When you install the Zoom app on your Mac, it also installs a web server, which “accepts requests regular browsers wouldn’t,” as detailed by The Verge. In a post on Medium, security researcher Jonathan Leitschuh outlined the flaw, which could let websites take over your Mac’s camera. ![]() Update: Zoom says it has a series of updates planned to address these security concerns.Ī new zero-day vulnerability has been disclosed for the Zoom video conference app on the Mac. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |