A security researcher recently discovered that the Zoom app has a pretty troubling security flaw for those who use the app on Macs. But as of Wednesday, July 10, Apple decided to address Zoom’s security issue with a solution of its own: a silent Mac update that removes a problematic localhost web server that comes with the Mac version of the popular video conferencing app, TechCrunch reports.
According to a Medium post published on Monday, July 8, by security researcher Jonathan Leitschuh, the Mac version of the Zoom app has a vulnerability that lets websites launch video calls (and turn on your webcam) without your permission. Zoom is well-known and used by countless companies precisely because of its ease of use. (Users can join video calls with just a shared link and a click.) But it turns out that that particular easy-to-use feature is the source of the vulnerability.
According to Leitschuh’s post, installing the Zoom client for Mac doesn’t just install the video calling app itself; it also installs a localhost web server. This local server is what allows Mac users to have one-click access to a Zoom video call. But as Leitschuh notes, the local server feature “really hadn’t been implemented securely.” In fact, the server is so vulnerable that it gives other, potentially malicious websites access to Mac webcams, letting them “forcibly join a user to a Zoom call” and turn on the user’s webcam without permission.
In addition, the server’s security flaw (for older versions of Zoom) would also have let websites carry out a DoS (denial-of-service) attack on Macs “by repeatedly joining a user to an invalid call.” Leitschuh also noted that the DoS security flaw was patched in version 4.4.2 of the Zoom client.