Remove Zoom From Your Mac Right Now [lifehacker.com]
Serious Zoom security flaw could let websites hijack Mac cameras [www.theverge.com]
Flaw in Zoom's Mac client allows websites to turn on user cameras without permission [appleinsider.com]
How to secure your Zoom conference line from hackers [www.techrepublic.com]
Zoom camera flaw could leave Macs vulnerable, researcher says [www.usatoday.com]
Response to Video-On Concern [blog.zoom.us]
Anyone for unintended ChatRoulette? Zoom installs hidden Mac web server to allow auto-join video conferencing [www.theregister.co.uk]
Vulnerability in Zoom could allow websites to hijack Mac webcams [www.siliconrepublic.com]
A Zoom Flaw Gives Hackers Easy Access to Your Webcam [www.wired.com]
Zoom leaves Apple Mac users' webcams vulnerable to being hijacked [www.businessinsider.com]
Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website! [medium.com]
You really need to stop using Zoom (and uninstall it) right now. They literally don’t know what they’re doing. Completely PR-talk response without any real solution to severe security vulnerability (including taking video and audio of you and crashing your computer). https://t.co/2Riy3pmSOq — Thomas Fuchs (@thomasfuchs) July 9, 2019
If you have ever installed Zoom on your Mac (even if you later uninstalled it) there is a localhost web server running on your machine to make reinstallation easier. But there are some problems with how it is done. — Ray[REDACTED] (@RayRedacted) July 8, 2019
You might want to read this.
Seriously if you have ever used Zoom on your Mac, even _if you uninstalled_ it, anyone can connect to your camera without you being prompted. — Thomas Fuchs (@thomasfuchs) July 9, 2019
Zoom didn't patch this even with 90-day heads-up time given by the security researcher.
See the article for mitigation. https://t.co/6enThMYqVM
Surprised Apple hasn’t flipped an XProtect kill-switch to disable Zoom’s daemons remotely. I don’t think that would be an overreach, faced with a story like this? — Steve Troughton-Smith (@stroughtonsmith) July 9, 2019
Disasters like Zoom are why the Mac gets progressively more locked-down, and why commandline tools and daemons can’t be exempt from signing & security. By default, we should trust no software, and neither should the hardware it runs on https://t.co/OmYhPvFanR — Steve Troughton-Smith (@stroughtonsmith) July 9, 2019
This is my #ZeroDay #PublicDisclosure of a security vulnerability impacting 4+ Million of @zoom_us's users who have the Zoom Client installed on Mac. — Jonathan Leitschuh (@JLLeitschuh) July 8, 2019
Zoom had 90-days + two weeks to resolve this #vulnerability and failed to do so. https://t.co/hvsoS79bos
wrt the "simple Zoom feature where you can just send anyone a meeting link...I was curious about how this amazing bit of functionality was implemented and how it had been implemented securely. Come to find out, it really hadn’t been implemented securely." https://t.co/TO3MkygJXJ — adriennefriend (@adriennefriend) July 9, 2019
The flipside to responsible disclosure: failure to patch a critical vulnerability in 90 days makes a software vendor irresponsible and it's a good thing for their irresponsibility to become public knowledge sooner than later https://t.co/9i2ZU5XZp1 — Tony "ABOLISH ICE" Arcieri (@bascule) July 8, 2019
What an amazingly misleading response from @zoom_us to the situation. https://t.co/cZsXloT5lr — Perry E. Metzger (@perrymetzger) July 9, 2019
I'm not touching their software again. Their initial architectural decisions were terrible, their response to the report was terrible, their response after the fact is terrible.
By far the most ~disastrous response I've seen to a security issue — Abhishek Das (@abhshkdz) July 9, 2019
"We are not alone ... in implementing this"
"Zoom decided not to change the application ..."
Also an unusual NDA that doesn't allow disclosure even after it's patched (if ever) https://t.co/1OEi7QlzoZ
So not good. — ((( ted_dunning ))) (@ted_dunning) July 9, 2019
If you have used the zoom app on a mac, it installed a persistent web server on your machine. Even if you delete their application, this web server persists and stays running. Not a normal app, it's in a hidden directory (.zoomus). 1/2 https://t.co/vZcf0Z6gup
Vulnerability in the Mac Zoom client allows malicious websites to turn your camera on without your permission, uninstalling Zoom doesn't help with the problem either, but you can take the appropriate security steps necessary outlined here: https://t.co/DSq9CVGbk3 #ZeroDay — DEBORAH ZHANG she/her (@itsdeborahzhang) July 9, 2019
For #Mac users there is serious security issue if you have ever installed #Zoom conferencing software. Even if you have uninstalled it later or try to uninstall it now. Zoom installs a web server which stays there. Insanely stupid and dangerous design. https://t.co/5CSP3SQBHC — Harri Hursti (@HarriHursti) July 9, 2019
Scary Zoom camera vulnerability reported on Macs @TheVerge! At least one Zoom-based summer class (mine) begins 7/15/19, others possibly ongoing: https://t.co/dnf6ICwtnt @katiekraemer512 @Yaasmeenaaa @ESUniversity @StroudCourier @EastStroudsburg @drdwells @PoconoCameron @zoom_us — Bill Broun (@Broun) July 9, 2019
This is amongst the worst non-apology apologies I've ever seen, @zoom_us. — Rob Griffiths (@rgriff) July 9, 2019
You installed a web server to get around a feature that Apple added to prevent the very thing that a researcher has determined your web server allows.
That's insanely stupid. https://t.co/Ck0CGvcpz8 pic.twitter.com/AqYexcymf8
If you EVER installed Zoom, even if you removed the app, ANYBODY could forcibly start a call, enabling your webcam and listening in. — Nextcloud ☁️ (@Nextclouders) July 10, 2019
Another case for #selfhosting - yes, if you remove #nextcloud Talk from your server, it won't zombie back. Stay in control! https://t.co/8fMPLbYGOk
#Zoom Zero Day: 4+ Million #Webcams & maybe an RCE? Just get them to visit your website!. #Birmingham #SmallBusiness #BrumHour #Malware #RansomWare #Phishing #CryptoMining #Virus #Trojan #Security #IdentityTheft #Privacy #smallbizbritain2019 https://t.co/jEyPtJtILp — John Quinlan (@speeednet) July 10, 2019
Twitter: why did @JLLeitschuh's public disclosure of the Zoom vulnerability have nearly zero impact on its stock price? — Andy Coravos (@AndreaCoravos) July 9, 2019
Are shareholders completely out the loop -- how did this not impact its valuation? (wtf capitalism) https://t.co/mcOa2WoN0z pic.twitter.com/XaCfqjTX7G