Zoom patches major security flaw in Mac video conferencing program

4 years ago 0 Comments

MANILA, Philippines – The makers of video conferencing program Zoom on Tuesday, July 9, released a patch to address a vulnerability in its Mac version which could have forced users into a Zoom video call – with the camera on – without the user allowing it.

The issue is compounded by Zoom installing a web server on a Mac that would download and reinstall Zoom without needing a user's interaction aside from visiting a webpage. The vulnerability also allowed a webpage to keep a Mac from functioning properly through denial of service by repeatedly joining a user to an invalid call.

The vulnerability was discovered by Jonathan Leitschuh back in March, and was disclosed on July 9 as Zoom's Chief Information Officer Richard Farley originally wrote the company "decided not to change the application functionality" and instead save a user's preferences as a sort of stopgap solution.

In an interview with The Verge, Farley also explained why they reversed course.

Farley said, "Ultimately, it’s based on based on the feedback of the people that have been following this and contributing to the discussion. Our original position was that installing this [web server] process in order to enable users to join the meeting without having to do these extra clicks – we believe that was the right decision. And it was [at] the request of some of our customers."

"But we also recognize and respect the view of others that say they don’t want to have an extra process installed on their local machine. So that’s why we made the decision to remove that component – despite the fact that it’s going to require an extra click from Safari."

Users can download the patch now by going to zoom.us/download, or by using the Check for Updates function of the Zoom application. – Rappler.com

Source From:https://www.rappler.com/technology/news/235041-zoom-patches-security-flaw-video-conferencing


Leave a Reply

Your email address will not be published.

Aplikasi UP Station
telah tersedia sekarang
Buka Artikel
Download Aplikasi