Zoom Fixes Zero-Day Vulnerability in Mac App With Emergency Patch
A major zero-day vulnerability within the Zoom Mac app discovered Monday has since been patched.
Popular video conferencing app Zoom has a serious security flaw for those who use the app on Macs. According to a Medium post published on Monday by security researcher Jonathan Leitschuh, the Mac version of the Zoom app has a vulnerability that lets websites launch video calls and turn on users’ webcams without their permission.
Zoom initially said it wouldn’t fix the issue, but eventually said it would release a patch Tuesday that would eliminate the bug, according to a new report from Wired. Users should update their Zoom software as soon as possible.
“Initially, we did not see the Web server or video-on posture as significant risks to our customers and, in fact, felt that these were essential to our seamless join process,” Zoom said in a statement. “But in hearing the outcry from some of our users and the security community in the past 24 hours, we have decided to make the updates to our service.”
The company stated that the patch, which was pushed out as an emergency fix last night, will resolve the issue. Users will be prompted to update the app, and once the update is finished, “the local web server will be completely removed on that device.”
The update will also supposedly improve the uninstall procedure. Zoom’s post states: “We’re adding a new option to the Zoom menu bar that will allow users to manually and completely uninstall the Zoom client, including the local web server.”
In an update to his original Medium post, Leitschuh is now claiming that the vulnerability that plagued Zoom for Mac is also present in RingCentral, a global enterprise cloud communications and collaboration service that is also Zoom’s partner.
“As far as I can tell this vulnerability also impacts RingCentral,” Leitschuh wrote. “RingCentral for their Web conference system is a white labelled Zoom system.”