Irwin Lazar, vice president and service director at Nemertes Research, said the vulnerability itself should not be a major cause of concern for enterprises, as users would quickly notice the Zoom app being launched on their desktop. According to Buzzfeed News, Leitschuh classified its seriousness at 8.5 out of 10 Zoom rated the flaw at 3.1 following its own review. There have been varying levels of concern about the severity of the vulnerability.
#Zoom app for mac computer update#
That update would also help protect users who deleted the Zoom. “But in hearing the outcry from some of our users and the security community in the past 24 hours, we have decided to make the updates to our service.”Īpple also released a “silent” update on Wednesday that ensures the web server is removed on all Mac devices, according to Techcrunch. “Initially, we did not see the web server or video-on posture as significant risks to our customers and, in fact, felt that these were essential to our seamless join process,” Zoom CISO Richard Farley, said in a blog post.
#Zoom app for mac computer Patch#
On Tuesday, however, the company announced it would issue an emergency patch to remove the web server from Mac devices. Once installed, the web server remains on the device – even after the Zoom app has been deleted.Īfter publication of Leitschuh’s post, Zoom downplayed concerns about the web server. That’s possible because Zoom also installs a web server when the desktop app is downloaded. By directing a user to a site containing a quick-join link embedded and hidden in the site’s code, the Zoom app could be launched by an attacker, in the process switching the camera and/or microphone on without a user’s permission. Leitschuh argued that the feature could be used for nefarious purposes. Users need to check this box in the Zoom app to shut down access to the camera. (The feature is designed to launch the app quickly and seamlessly for a better user experience.) Although Zoom gives users the option to keep their camera off before joining a call – and users can later turn the camera off in the app’s settings – the default is to have the camera on. The flaw involves a feature in the Zoom app that lets users quickly join a video call with one click, thanks to a unique URL link that immediately launches the user into a video meeting. But concerns about the flaw and how it works raised questions about whether other similar apps could be equally vulnerable. Zoom said it’s seen “no indication” any users were affected. The flaw potentially affected 750,000 companies and approximately 4 million individuals using Zoom, Leitschuh said.
The vulnerability was discovered by security researcher Jonathan Leitschuh, who published information about it in a blog post Monday. Zoom released a patch this week to fix a security flaw in the Mac version of its desktop video chat app that could allow hackers to take control of a user’s webcam.
0 kommentar(er)
