Security researchers have publicly disclosed a serious zero-day vulnerability for the Zoom video conferencing app on Macs. They have demonstrated that any website can open up a video-enabled call on a Mac with the Zoom app installed. That is possible in part because the Zoom app apparently installs a web server on Macs that accepts requests regular browsers would not. In fact, if you uninstall Zoom, that web server persists and can reinstall Zoom without your intervention.

Here is how the vulnerability works: if you previously installed the Zoom app, clicking on a link will auto-join you to a conference call with your camera on. This Zoom vulnerability is bananas. The researchers had ethically given Zoom 90 days' notice of the vulnerability to solve the problem before going public with their findings. Zoom apparently chose to ignore the warnings or did not do enough to resolve the problem, as the issue continues to exist.

Turning on your camera is bad enough, but the existence of the web server on their computers could open up more significant problems for Mac users. For example, in an older version of Zoom (since patched), it was possible to carry out a denial-of-service attack on Macs by constantly pinging the web server.

You can ‘patch’ the camera issue yourself by ensuring the Mac app is up to date and also disabling the setting that allows Zoom to turn your camera on when joining a meeting. Simply uninstalling Zoom will not fix this problem, as that web server persists on your Mac. Turning off the web server requires using the terminal and running some commands in it.

Zoom says it developed the local web server in order to save the user some clicks, after Apple changed its Safari web browser in a way that requires Zoom users to confirm that they want to launch Zoom each time. Zoom defends the ‘workaround’ as a “legitimate solution to a poor user experience, enabling our users to have seamless, one-click-to-join meetings, which is our key product differentiator.”

The company says it will tweak the app in one small way: starting in July, Zoom will save users’ and administrators’ preferences for whether video will be turned on, or not, when they first join a call. Overall, it sounds like Zoom does not plan to drastically change how its app behaves on Macs to keep users from getting sucked into an unwanted call, but will instead rely on users to turn their cameras off by default.

