Security News About Mac and Zoom: A Critical Security Flaw Exposed
Did you know that your Mac’s webcam could have been hijacked? A severe Zoom security flaw lets Mac users be added to video calls without consent.
Zoom’s Security Vulnerability: What Happened?
A flaw in the Mac Zoom client lets malicious websites access Mac cameras without permission. Security researcher Jonathan Leitschuh discovered this alarming issue.
Leitschuh found a zero-day vulnerability that lets websites force Mac users into Zoom calls. The flaw also turned on webcams without user knowledge. Additionally, it allowed web pages to trigger Denial of Service (DOS) attacks by repeatedly forcing users to join invalid calls.
Even after uninstalling Zoom, the software could be remotely reinstalled. This happened due to Zoom’s local web server mechanism.
How Can Mac Users Protect Themselves?
Leitschuh advised Mac users to update Zoom to the latest version. He also recommended changing the settings to “Turn off my video when joining a meeting.”
Webcams can be an entry point for security breaches. Many users place tape over their cameras for extra protection.
Zoom Patches the Vulnerability—But Was It Too Late?
Zoom has since patched the flaw. However, up to 750,000 organizations using Zoom were exposed.
Leitschuh reported the issue to Zoom on March 26, 2019, giving them 90 days to fix it. Zoom took 10 days to confirm the flaw. They didn’t hold a meeting about a fix until June 11—just 18 days before the disclosure deadline. A partial fix was issued, but it regressed on July 7, once again allowing webcams to activate without consent.
Zoom’s Official Response
Zoom defended its use of a local web server on Mac devices. They claimed it was a workaround for Safari 12, which required users to accept launching Zoom for each meeting. The company stated:
“We feel that this is a legitimate solution to a poor user experience, enabling our users to have seamless one-click-to-join meetings, which is our key product differentiator.”
Zoom also said they had no records of Denial of Service attacks or active exploitation of the flaw. However, they confirmed they had fixed the issue by May.
Final Thoughts
The security flaw has been patched, but this case highlights the need for vigilance. Mac users should always keep software updated and adjust security settings. Taking proactive steps can help protect devices from cyber threats. Check-in for updates for Security News About Mac and Zoom.
