1. New to Christmas lighting? Get started with the AusChristmasLighting 101 Manual:

PSA: Mac users should update Zoom - Vulnerability allows malicious websites to enable your camera

Discussion in 'The Family Room' started by ryanschristmaslights, Jul 10, 2019 at 9:55 PM.

  1. ryanschristmaslights

    ryanschristmaslights Senior Elf Administrator

    Jun 30, 2010
    Likes Received:
    Adelaide, Australia
    Find Me On:
    On July 9 2019, a security patch to address a vulnerability in the Zoom app on Mac devices has been released. Instructions for obtaining the patch are to either:
    • Download it at zoom.us/download.
    • Check for updates by opening your Zoom app window, clicking zoom.us in the top left corner of your screen, and then clicking Check for Updates.

    In short, Mac versions of Zoom install a local web server (as a background process) in addition to the primary application. It appears that this web server runs even when the Zoom application is closed and, according to details at the URL below, this background process makes it possible to forcibly have you join a meeting upon visiting a malicious or infected webpage. This vulnerability appears to apply to Mac devices even if you uninstalled Zoom previously, as the background process is not removed and apparently will silently re-install Zoom on your machine when a meeting URL is clicked (or maliciously loaded in an iframe).

    Zoom meetings can (unless this has been fixed by Zoom) be configured to automatically turn on participants' webcams when joining a meeting. Theoretically this could mean that someone could activate your webcam via the vulnerability that the security patch is supposed to address.

    Some of this wording is my own interpretation and may not be 100% correct. If you have ever installed Zoom on a Mac then you may like to read the original details at the URL below.


    View: https://twitter.com/zoom_us/status/1148710712241295361

    View: https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5
  2. Benslights

    Benslights Dedicated Elf Global Moderator

    May 2, 2010
    Likes Received:
    Find Me On:
    @Jarrad another reason!!!! lol
  3. Jarrad

    Jarrad I find your lack of Pixels Disturbing

    Dec 28, 2018
    Likes Received:
    Busselton WA
    trust me they will only access it once

Share This Page