On This Zoom Vulnerability

Shitty company with a shitty service

What the fuck are those developers thinking when they design software like this? First, consider reading this from Jonathan Leitschuh:

A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business.

So, let’s say you just removed the application. You think you are all fine now? Think again:

Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day.

A hidden local web server on your machine without your consent??? WTF!

The full report is available here. If you have used the Zoom conferencing service on a Mac in the past, Apple pushed out a silent update yesterday to fix the vulnerability, according to TechCrunch:

Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission.

This update by Apple removes the web server that remains after uninstalling Zoom. Thank you, Apple, for doing this. This is exactly the move you had to make.
