A zero-day vulnerability in the Mac Zoom Client allows any malicious website to enable the machine’s camera without the user’s permission, potentially impacting the 700,000+ companies worldwide that use Zoom for video conferencing each day, security researcher Jonathan Leitschuh disclosed in a post on Medium.
The vulnerability leverages the Zoom feature that lets users share a link that permits anyone to easily join a meeting. Leitschuh found that if you have ever installed Zoom on a Mac, the app installs a local web server to get around changes introduced in Safari 12. You can check this on your Mac by running lsof -i :19421 in your terminal.
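The port check described above can be scripted so that it reports which process owns the listener. This is an added example, not code from Leitschuh's post or from Zoom; the function names and the sample lsof output (process names, PIDs, user) are constructed for illustration.

```shell
#!/bin/sh
# Port of the local web server, as given in the article.
ZOOM_PORT=19421

# Read `lsof -nP -iTCP:<port> -sTCP:LISTEN` output on stdin and print
# "command pid address" for every process listening on the given port.
parse_listeners() {
    awk -v port="$1" '
        NR == 1 && $1 == "COMMAND" { next }        # skip the header row
        $NF == "(LISTEN)" {
            addr = $(NF - 1)                       # e.g. 127.0.0.1:19421
            n = split(addr, parts, ":")
            if (parts[n] == port) print $1, $2, addr
        }'
}

# Constructed sample output: process names and PIDs are made up.
sample_lsof_output() {
    cat <<'EOF'
COMMAND     PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
ExampleApp 4242 alice   5u  IPv4 0x1234567890abcdef      0t0  TCP 127.0.0.1:19421 (LISTEN)
OtherApp   5151 alice   7u  IPv4 0xfedcba0987654321      0t0  TCP 127.0.0.1:8080 (LISTEN)
EOF
}

# Live check: 0 = listener found, 1 = port is free, 2 = lsof unavailable.
check_port() {
    command -v lsof >/dev/null 2>&1 || { echo "lsof not found" >&2; return 2; }
    found=$(lsof -nP -iTCP:"$ZOOM_PORT" -sTCP:LISTEN 2>/dev/null |
            parse_listeners "$ZOOM_PORT")
    [ -n "$found" ] || { echo "nothing listening on port $ZOOM_PORT"; return 1; }
    echo "listener on port $ZOOM_PORT: $found"
}

# Demonstrate the parser on the constructed sample.
sample_lsof_output | parse_listeners "$ZOOM_PORT"
```

On a Mac, call check_port after sourcing the script; a reported listener means a local process is still accepting connections on that port.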
Leitschuh said he was able to exploit the vulnerability to create a URL that could drop users into a call and force video and audio on without their permission.
Thankfully, there are ways to patch the Zoom vulnerability. Learn how by reading this free TechRepublic PDF download.