Zoom camera flaw could leave Macs vulnerable, researcher says

A security flaw involving video conferencing tool Zoom could leave the cameras on Mac computers vulnerable to attackers, a security researcher claims.

In a post published Monday on Medium, researcher Jonathan Leitschuh says the exploit could allow a website “to forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission.”

Leitschuh said this vulnerability could potentially allow a website to perform a “denial of service” (DOS) style attack by continuously asking users to join a call.

The exploit is connected to a Zoom feature that lets users send a meeting link that recipients can click to automatically launch the video conferencing software.

“I was curious about how this amazing bit of functionality was implemented and how it had been implemented securely. Come to find out, it really hadn’t been implemented securely,” wrote Leitschuh. “Nor can I figure out a good way to do this that doesn’t require an additional bit of user interaction to be secure.”

Leitschuh says he disclosed the vulnerability in March, but Zoom did not complete a fix until June. He also said users can mitigate the flaw by turning off the setting that allows their computer’s camera to turn on when joining a meeting.

In a subsequent blog post published Monday, Richard Farley, chief information security officer at Zoom, said a patch for the DOS attack vulnerability was released in May, but there was no indication it was ever exploited.

“Because the Zoom client user interface runs in the foreground upon launch, it would be readily apparent to the user that they had unintentionally joined a meeting and they could change their video settings or leave immediately,” wrote Farley. “Also of note, we have no indication that this has ever happened.”

Zoom will introduce an update to allow users to apply video preferences from their first call to all future calls. Zoom said it will also roll out an uninstaller app, following concerns from Leitschuh that a local web server on Macs remained on the computer even after Zoom was removed and could automatically reinstall the software.

Follow Brett Molina on Twitter: @brettmolina23.
