Zoom for Mac privacy

3/28/2023

Video conferencing giant Zoom has published a patch for its Mac client removing a rogue web server from users’ computers that allowed any website to join a video call without permission.

News of the vulnerability first emerged Monday after software engineer and security researcher Jonathan Leitschuh published a Medium post detailing the vulnerability.

“If you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost webserver on your machine that will happily reinstall the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day.”

Leitschuh included patches for the vulnerability, including how to disable the ability for Zoom to turn on your webcam when joining a meeting, a terminal command for disabling video by default and instructions on how to shut down the web server and remove web server application files. Users can now update their client or download the new version from its website.

In his timeline, Leitschuh said that the vulnerability was originally disclosed to Zoom on March 26, with a proposed “quick fix,” but that Zoom took 10 days to confirm the vulnerability, and that despite talking to the company he only saw on June 24 that Zoom had implemented the quick fix.

“Ultimately, Zoom failed at quickly confirming that the reported vulnerability actually existed and they failed at having a fix to the issue delivered to customers in a timely manner. An organization of this profile and with such a large user base should have been more proactive in protecting their users from attack,” he wrote.

Leitschuh added that he is publicizing the vulnerability because “this is essentially a zero day,” referring to a previously undisclosed vulnerability now out in the wild.

“Unfortunately, Zoom has not fixed this vulnerability in the allotted 90-day disclosure window I gave them, as is the industry standard. As such, the 4+ million users of Zoom on Mac are now vulnerable to an invasion of their privacy by using this service.”

A Zoom spokesperson told TechCrunch: “Zoom is working with a security researcher who raised concerns about video-on-by-default as a security vulnerability: Zoom by default turns on the video of a user when they join a meeting. This could, in theory, create the potential for a hacker to trick a target into joining a video meeting on camera. Of note, we have no indication that this has ever happened.”

In a longer statement, the company said that currently, “All first-time Zoom users, upon joining their first meeting from a given device, are asked whether they would like their video to be turned OFF. For subsequent meetings, users can configure their client video settings to turn OFF video when joining a meeting. Additionally, system administrators can pre-configure video settings for supported devices at the time of install or change the configuration at anytime.”

It added: “As part of our July 2019 release, Zoom will apply and save the user’s video preference from their first Zoom meeting to all future Zoom meetings. Users and system administrators can still configure their client video settings to turn OFF video when joining a meeting. This change will apply to all client platforms.”

Updated with new information about the patch, and with an updated headline.