Zoom Mac app watches you

Online now: Google [Bot], Majestic-12 [Bot]
Post Reply
ukimalefu Rebel? resistance? why not both?
User avatar
Serious Zoom security flaw could let websites hijack Mac cameras

Quote:
Today, security researcher Jonathan Leitschuh has publicly disclosed a serious zero-day vulnerability for the Zoom video conferencing app on Macs. He has demonstrated that any website can open up a video-enabled call on a Mac with the Zoom app installed. That’s possible in part because the Zoom app apparently installs a web server on Macs that accepts requests regular browsers wouldn’t. In fact, if you uninstall Zoom, that web server persists and can reinstall Zoom without your intervention.


So do NOT install this Zoom app.
Dang; we have been using this for conference calls.
dv
User avatar
Here is an article written by Jonathan Leitschuh, the finder of this vulnerability.

It is MUCH worse than just the loss of control of a Mac's webcam while web browsing in that the Zoom software installs a web server INTO that Mac AND FAILS to UNinstall that server even when Zoom itself is uninstalled. That server will even re-install Zoom if it fails to find the Zoom software.

In Leitschuh's sub-section titled "Patch Yourself" he provides some steps to kill the server and to prevent that server from being re-installed with any future Zoom updates (well, unless the makers of Zoom put in some steps to get around THAT).

avkills, you may want to forward the above link to your IT folks so they can better assess the many problems with Zoom.
Lol, I already made a bash script that uninstalls everything including the server. We only have one IT person, we pretty much IT on our own; most of the guys I work with are computer savvy.

Fortunately, Zoom's website instructions for uninstalling includes removing the server app.
ukimalefu Rebel? resistance? why not both?
User avatar
Zoom fixes major Mac webcam security flaw with emergency patch

Quote:
Video conferencing provider Zoom has pushed out an emergency patch to address the zero-day vulnerability for Mac users that could potentially expose a live webcam feed to an attacker, launching you into a Zoom video chat you’d never intended to launch. The move is a surprise reversal of Zoom’s previous stance, in which the company treated the vulnerability as “low risk” and defended its use of a local web server that incidentally exposed Zoom users to potential attacks.

The fix, detailed in the latest update to Zoom’s blog post on the vulnerability, will now “remove the local web server entirely, once the Zoom client has been updated,” to take away the ability for a malicious third party to automatically activate webcams using a Zoom link. The vulnerability arises from the fact that Zoom installs a local web server onto Mac computers that install its application, which allows the platform to bypass security measures in Safari 12 that prompt users with a dialogue box to confirm the joining of a new meeting.

Probably because their entire Mac user base visited the page on how to uninstall it.
ukimalefu Rebel? resistance? why not both?
User avatar
avkills posted:
Probably because their entire Mac user base visited the page on how to uninstall it.


They did something, on purpose, to go around Apple's security measures. THAT is the big deal. SO what if they did actually "fix it", I'm not sure they can be trusted anymore.
Apple Pushes Automatic Mac Software Update to Remove Vulnerable Zoom Web Server

Quote:
Apple has now taken things one step further and pushed out a silent macOS update that removes the web server, reports TechCrunch. The update is deployed automatically, so users don't have to manually apply it in order for it to take effect.

Dan Airman Dan
User avatar
macaddict4life posted:
Apple Pushes Automatic Mac Software Update to Remove Vulnerable Zoom Web Server

Quote:
Apple has now taken things one step further and pushed out a silent macOS update that removes the web server, reports TechCrunch. The update is deployed automatically, so users don't have to manually apply it in order for it to take effect.

The update should have prevented any version of Zoom—past, present, and future—from running, and included an entry in /etc/hosts resolving their domain to 127.0.0.1. I mean, that’s where they want their stick fiddling web requests served from anyway, right?
Subsequent topic  /  Preceding topic
Post Reply

Zoom Mac app watches you