Mac Zoom vulnerability allows any website to enable your webcam without permission.
A vulnerability in the Mac Zoom client allows any malicious website to enable your Mac webcam without your permission.
The flaw potentially exposes over 750,000 companies worldwide that use Zoom to conduct their day-to-day business, along with their estimated 4 million Mac users.
According to security analyst Jonathan Leitschuh, who discovered the vulnerability, users who have uninstalled the Zoom client are also vulnerable, as the program leaves behind a host file that can easily reinstall the software without any user interaction.
Zoom has yet to release a permanent fix for the vulnerability but has released a quick fix. Its plans to permanently fix the vulnerability raised further concerns among security analysts and were therefore not implemented.
The vulnerability has been made public today because the Public Disclosure Deadline (PDD) has ended. The PDD gives tech companies 90 days to correct all vulnerabilities reported to them before the issue is made public.
There is, however, a way for Mac users to patch the vulnerability themselves. Users can disable Zoom's ability to turn on their webcam when joining a meeting: ‘Zoom Settings – Video – Turn off my video when joining a meeting’.
To ensure that you are protected from the latest vulnerability, it is imperative that you also install the latest security updates on all of your devices.