
Zoom releases patch after report reveals flaw left Mac webcams exposed


This link allows Zoom to begin a video call through their app - even if the receiver has not accepted.

Jonathan Leitschuh, 25, a software engineer at Gradle in the Boston area, investigated how Zoom's client software automatically opens on a Mac after someone clicks a meeting link in a browser window.

Leitschuh wrote that Zoom didn't heed his warnings for months and only implemented a partial fix at the last minute, whereas the company told ZDNet on Monday the technique was an "official resolution to a poor user experience" because of adjustments in Safari 12 (namely, a privacy protection feature that forced users to verify they actually wished to launch Zoom).

In a more detailed public statement, Zoom said admins and users will be able to turn off video if they configure their client video settings, and that preferences from their first Zoom meeting will be saved once they apply its July update.

"There was certainly some friction in terms of his characterization of the vulnerability", Zoom's CISO, Richard Farley, tells Information Security Media Group.

The researcher says he contacted Zoom on March 26, giving the company a public disclosure deadline of 90 days.

This will result in killing the hidden web server off entirely, although of course it will come back if you reinstall or update the Zoom app.

The vulnerability affects Apple Macs upon which Zoom video-conferencing software has been installed, although Zoom updated the software yesterday to make it harder to abuse, the report said. "We are stopping the use of a local web server on Mac devices", the company said.

That revelation drew surprise and criticism, including from Jake Williams, a former operator with the National Security Agency's Tailored Access Operations unit and founder of Rendition Infosec, a security consultancy in Atlanta.

A Zoom spokesperson told Forbes, however, that it had begun analyzing the problem within 10 minutes of learning about it, and that the ability to have one-click access to join videoconferencing calls was meant to address poor user experiences for those running Apple's Safari 12 web browser.

Zoom also told BuzzFeed News that it doesn't even plan to add a dialog window to simply ask users if they would like to join a meeting after clicking an invite link. But the workaround is considered questionable even though software vendors other than Zoom have implemented it.

"A very poor decision by the folks at Zoom", he added. But it fell under heavy criticism, and Zoom reversed the decision on Tuesday. The first part, which is available now from the company's download page, "completely" removes the local web server from the Mac once the client app is updated.

We consciously enabled the ability to have meeting joins initiated from within an iframe on a webpage.


