Zoom! Zoom! Uh oh!

A serious zero-day cybersecurity vulnerability has been publicly disclosed for the Zoom Mac application. This vulnerability has the potential to affect over 4 million webcams and expose 750,000 businesses worldwide. This vulnerability allows any website to join a user to a Zoom conference call with the web camera automatically activated, not needing the user’s permission. This vulnerability with the Zoom application also allows the cyber-attacker to perform a denial of service against the user’s computer. Lastly, this version of the Zoom application self-installs a local web server on the user’s computer that can reinstall the Zoom application after the user uninstalls Zoom from their device.

Installing third party applications can be cost effective and time effective, but always come with a risk. It is important to know what settings and installation configurations you can do with any software or application. In this particular vulnerability, you can “self-patch” the web camera from automatically turning on in the settings by selecting the “turn off my video when joining a meeting” option.

Uncategorized