Serious Zoom Security Flaw Lets Websites Control Mac Camera
Security researcher Jonathan Leitschuh disclosed a serious zero-day vulnerability in the Zoom video conferencing app for Macs. The flaw allows any website to open a video-enabled call on a Mac with the Zoom app installed. It exists because the Zoom app installs a local web server on the Mac that accepts requests a regular browser wouldn't. Uninstalling Zoom doesn't help, because the web server persists and can reinstall Zoom without user intervention.
The issue isn't only the camera hijack: the mere presence of the web server on users' computers could open up further problems for Mac users. For example, in an older version of Zoom it was possible to mount a denial-of-service attack on Macs by constantly pinging the web server.
Zoom developed the local web server in order to save the user some clicks after Apple changed its Safari web browser so that it requires Zoom users to confirm that they want to launch Zoom each time. Zoom defended it as "a legitimate solution to a poor user experience, enabling our users to have seamless, one-click-to-join meetings, which is our key product differentiator."
Users can fix the camera issue by ensuring the Mac app is up to date and by disabling the setting that allows Zoom to turn the camera on when joining a meeting. Just uninstalling Zoom won't fix the problem, as the web server persists on the Mac. To shut down the web server, run lsof -i :19421 to get the PID of the process listening on that port, then run kill -9 [process number]. After doing so, delete the ~/.zoomus directory to remove the web server's application files.
To prevent the server from being restored with an update, enter the following commands in the terminal:
rm -rf ~/.zoomus; touch ~/.zoomus && chmod 000 ~/.zoomus
rm -rf ~/.ringcentralopener; touch ~/.ringcentralopener && chmod 000 ~/.ringcentralopener
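The following script is an added example (not from the article or from Zoom) that wraps the cleanup steps above: it parses lsof output for the PID bound to port 19421, kills it, and replaces ~/.zoomus and ~/.ringcentralopener with mode-000 placeholder files so the installer cannot recreate them. The port and paths come from the article; the helper names and the sample lsof output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article or Zoom): detect the leftover local web server
# on TCP 19421 and neutralise the ~/.zoomus and ~/.ringcentralopener directories.
# The port and paths come from the article; helper names and the sample lsof
# output below are constructed for illustration.
set -u

ZOOM_PORT=19421

# Constructed sample of `lsof -i :19421` output, used to exercise the parser offline.
SAMPLE_LSOF='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
ZoomOpene 712 alice    3u  IPv4 0x1a2b  0t0  TCP localhost:19421 (LISTEN)
ZoomOpene 712 alice    4u  IPv4 0x3c4d  0t0  TCP localhost:19421->localhost:52300 (ESTABLISHED)'

# Read lsof output on stdin and print each unique PID (second column, header skipped).
zoom_server_pids() {
    awk 'NR > 1 && $2 ~ /^[0-9]+$/ { print $2 }' | sort -u
}

# Replace a directory with an empty mode-000 file so the Zoom installer cannot
# recreate the server there (the same rm/touch/chmod sequence the article gives).
lock_path() {
    rm -rf "$1" && : > "$1" && chmod 000 "$1"
}

# True if the path is that placeholder: a regular file whose ls(1) mode string is all dashes.
is_locked() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c1-10)" = "----------" ]
}

# Kill any process still bound to the port, then lock both directories.
remediate() {
    for pid in $(lsof -i :"$ZOOM_PORT" 2>/dev/null | zoom_server_pids); do
        echo "killing pid $pid listening on :$ZOOM_PORT"
        kill -9 "$pid"
    done
    lock_path "$HOME/.zoomus"
    lock_path "$HOME/.ringcentralopener"
}

# Only act on the real system when explicitly asked: sh zoom_cleanup.sh --apply
if [ "${1:-}" = "--apply" ]; then
    remediate
    is_locked "$HOME/.zoomus" && is_locked "$HOME/.ringcentralopener" && echo "locked"
fi
```

Without --apply the script defines its functions and does nothing, so it can be sourced and its checks run against a temporary directory first.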