Mac Users Affected by Zero-Day Webcam Hijacking
The Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 4 million workers that use the Zoom for Mac web-and videoconferencing service.
According to a researcher Jonathan Leitschuh (he noted that Mac users make up about 10 percent of Zoom’s customer base of 4+ million). An outside adversary would need only to convince a user to visit a malicious website with a specially crafted iFrame embedded, which would automatically launch a Mac user into a Zoom web conference while turning on their camera.
Leitschuh disclosed “I was very easily able to spot and describe bypasses in their planned fix,” he said. “Ultimately, Zoom failed at quickly confirming that the reported vulnerability actually existed and they failed at having a fix to the issue delivered to customers in a timely manner. An organization of this profile and with such a large user base should have been more proactive in protecting their users from attack.”
“I advised Zoom that if they have any users that are still using Zoom 4.1.33259.0925 versions or lower, this would be a very potent attack,” the researcher said.
The patch, available here, removes the local web server entirely, once the Zoom client has been updated. Also, the platform now allows users to manually uninstall Zoom.
- Automating System Updates with Unattended-Upgrades on Ubuntu
- How to Add a Large Disk Partition as Storage in Proxmox VE
- How to Remove Radmin Viewer with PowerShell
- How to Automate Ubuntu Server System Updates and Package Installation
- Introducing Zevonix: Your Pathway to Smarter IT
Discover more from Patrick Domingues
Subscribe to get the latest posts sent to your email.