Zoom Meeting Solution Stuck in Privacy Hole

The macOS client of Zoom exposes users' machines to malicious attacks.

Zoom, which is considered a market leader in Gartner's Magic Quadrant for Meeting Solutions, is a popular solution for businesses to conduct online meetings. But the service is caught in an endless loop of privacy invasion and security vulnerabilities. 

Security expert Jonathan Leitschuh recently reported that “a vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business.”

Removing Zoom wouldn’t fix the problem, because the ‘localhost’ web server running on the machine will re-install the Zoom client without user permission. 

Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will re-install the Zoom client, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day, said Leitschuh.

According to The Hacker News, any website you're visiting in your web browser can turn on your device camera without your permission.

Zoom has released some updates to fix the issues, but those who use Zoom for business meetings should be aware of looming problems.

07/16/2019
