Zoom Meeting Solution Stuck in Privacy Hole

By

The macOS Client of Zoom exposes users machines to malicious attacks.

Zoom, which is considered a market leader in Gartner's Magic Quadrant for Meeting Solutions, is a popular solution for businesses to conduct online meetings. But the service is caught in an endless loop of privacy invasion and security vulnerabilities. 

Security expert, Jonathan Leitschuh recently reported that “a vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business.”

Removing Zoom wouldn’t fix the problem, because the ‘localhost’ web server running on the machine will re-install the Zoom client without user permission. 

Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will re-install the Zoom client, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day, said Leitschuh.

According to The HackerNews, any website you're visiting in your web browser can turn on your device camera without your permission.

Zoom has released some updates to fix the issues, but those who use Zoom for business meetings should be aware of looming problems.

07/16/2019

Related content

  • News for Admins
    New ransomware targeting Linuxbased NAS devices; OpenSSH fixes side channel attacks; Purdue scientists build quantum gate; and NSF awards $10 million for supercomputer that emphasizes cloud integration
  • Apache OpenMeetings video conferencing platform
    The free video conferencing platform has comprehensive collaboration tools with instant messaging, whiteboards, screen sharing, and team features in document processing – and it can be hosted locally so sensitive corporate data is not exposed to cloud services.
  • Group policies on Windows Server 2022
    We discuss how to manage and secure clients with group policy object templates and look at some recommendations from various governmental and non-governmental security advocates.
  • Kopano Groupware – an open source productivity suite
    Kopano Groupware seeks to be more than a slot-in replacement for Microsoft Exchange. We reveal how you can commission the platform and the highlights it offers.
comments powered by Disqus