Zoom Meeting Solution Stuck in Privacy Hole

The macOS client of Zoom exposes users' machines to malicious attacks.

Zoom, which is considered a market leader in Gartner's Magic Quadrant for Meeting Solutions, is a popular solution for businesses to conduct online meetings. But the service is caught in an endless loop of privacy invasion and security vulnerabilities. 

Security expert Jonathan Leitschuh recently reported that “a vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business.”

Removing Zoom wouldn’t fix the problem, because the ‘localhost’ web server running on the machine will re-install the Zoom client without user permission. 

Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will re-install the Zoom client, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day, said Leitschuh.

According to The Hacker News, any website you're visiting in your web browser can turn on your device camera without your permission.

Zoom has released some updates to fix the issues, but those who use Zoom for business meetings should be aware of looming problems.

07/16/2019
