Zoom Meeting Solution Stuck in Privacy Hole

The macOS client of Zoom exposes users' machines to malicious attacks.

Zoom, which is considered a market leader in Gartner's Magic Quadrant for Meeting Solutions, is a popular solution for businesses to conduct online meetings. But the service is caught in an endless loop of privacy invasion and security vulnerabilities. 

Security expert Jonathan Leitschuh recently reported that “a vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business.”

Removing Zoom wouldn’t fix the problem, because the ‘localhost’ web server running on the machine will re-install the Zoom client without user permission. 

Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will re-install the Zoom client, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day, said Leitschuh.

According to The Hacker News, any website you visit in your web browser can turn on your device camera without your permission.

Zoom has released some updates to fix the issues, but those who use Zoom for business meetings should be aware of looming problems.

07/16/2019
