Zoom rushes to fix its webcam-accessing flaw on Macs

By

Hackers
Flaw allowed hackers to access other people's webcams.
Photo: United Artists

Zoom conference calls are as much of a part of modern office working life as disagreements about the air-con system.

But security researcher Jonathan Leitschuh recently stumbled upon something extremely concerning. As discovered by Leitschuh, Zoom featured a vulnerability that allowed hackers to break into a target’s Mac webcam. This happened regardless of whether the Mac user was using Safari, Chrome or Firefox.

Fortunately, Zoom has, well, zoomed to correct it.

After Leitschuh posted his findings on Medium, Zoom sprang into action. It removed the local web server (crucial for the exploit) entirely on Mac devices. Instead of being able to use the web app, users are now asked to update their Zoom client.

The update also allows users to manually uninstall Zoom. A menu option on the software makes this a one button removal process. Clicking that button means that Zoom is completely removed from the user’s device, along with the user’s saved settings.

“The July 9 patch to the Zoom app on Mac devices detailed below is now live,” Zoom noted in the latest blog update on its webpage. “You may see a pop-up in Zoom to update your client, download it at zoom.us/download, or check for updates by opening your Zoom app window, clicking zoom.us in the top left corner of your screen, and then clicking Check for Updates.”

In his original Medium post, Jonathan Leitschuh noted that the vulnerability, “allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission. On top of this, [it] would have allowed any webpage to DOS (Denial of Service) a Mac by repeatedly joining a user to an invalid call.”

Webcam vulnerabilities

Zoom isn’t the only recent vulnerability that allowed users to access other people’s webcams. At the start of this year, Apple came under fire when users discovered a serious flaw in FaceTime. This flaw, which Apple eventually fixed, let users drop in on other FaceTime contacts without their knowledge.

And, once again, we’re reminded of why the likes of Mark Zuckerberg use gaffer tape to block out the webcam on their computers!