Zoom Mac client was found to have a very nasty vulnerability that easily granted access to your Web cam to virtually anyone in the know. Zoom is a web video conferencing service and software which employs 1,300 people.
With this vulnerability any website could have forced someone who has or previously had Zoom (uninstalled) to automatically enable a web cam access request.
It was that simple, a URL with an iframe in it could flick your web cam on in an instant. This is not secure nor is it great thinking to have something like this done so simply.
The simplest of vulnerabilities
The companies response gives great insight into why this is even a thing and why security issues and vulnerabilities whilst being an easy fix a companies idea of “accessibility” can eat away and put users in danger of breaches.
Back to this post there are details that Zoom was contacted March 26th 2019 with the issue. It is now months onwards and yes the issue is not fixed. The author Jonathan Leitschuh even gave Zoom methods to fix and was seemingly very helpful.
Zooms lack of care and willingness to fix a pretty damming vulnerability now puts 4+ million users into the firing line.
Zoom seemingly don’t care
Problem being most of their users wont know about these issues as Zoom is something that your job requires you to download and use. Those poor people forced into using something that has one massive privacy crack.
Never less there are simple fixes, even if Zoom doesn’t wont to make the fixes itself.
The post also shows and gives advice on how to protect yourself. Again some seemingly random person is doing more against a vulnerability than the company that made it.
Perhaps the greatest protection of all is a tiny square of duct tape. 2019 where we have thousand dollar MacBook’s with a patch of duct tape to effectively block the web cam from those with bad intentions or those that don’t care like Zoom.
On a side note Zoom stocks are down 1.12% on close of July 8. It would be such a pity if there falling stocks are from the result of disregard for their users online safety.