What you need to know

  • A major Zoom vulnerability lets malicious websites access your Mac camera without permission.
  • Zoom was alerted to the issue by security researcher Jonathan Leitschuh back in March but did not roll out a fix.
  • After heavy backlash, Zoom has now rolled out an emergency patch to fix the issue.

Video conferencing app Zoom is the latest service to be hit with a major vulnerability that puts its users at risk. The zero-day vulnerability affecting Zoom lets websites access a Mac's camera without asking for permission.

The security issue was first discovered by Jonathan Leitschuh:

A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business.

In a Medium post, he outlined the issue and confirmed he reported it to Zoom back in March, but the company made little effort to curtail the security threat. What made the issue worse was that even if you uninstalled the app, the localhost web server it had installed remained on your machine, where it could still be accessed by malicious websites.

After the news broke, Zoom continued to ignore the issue, offering only a tepid, nonchalant response. It wasn't until that response was heavily criticized that Zoom jumped into action and rolled out an emergency security patch to fix the issue on July 9. The security patch is now live and can be downloaded through Zoom's site.

This latest security issue continues to show how ill-prepared many companies are when dealing with vulnerabilities. Oftentimes they hide behind statements before they spring into action.