A vulnerability in the Mac client for popular web conferencing app Zoom may allow any website to join a video call without permission, writes software engineer and security researcher Jonathan Leitschuch. In a Medium post published today, Leitschuch detailed the vulnerability, writing that it may remain an issue even if users have uninstalled the Mac client: “If you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost webserver on your machine that will happily reinstall the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day.”

Leitschuch included patches for the vulnerability, including how to disable the ability for Zoom to turn on your webcam

Read More At Article Source | Article Attribution