国产精品美女一区二区三区-国产精品美女自在线观看免费-国产精品秘麻豆果-国产精品秘麻豆免费版-国产精品秘麻豆免费版下载-国产精品秘入口

Set as Homepage - Add to Favorites

【lee???? ????????】Zoom lets a website turn on your Mac's camera without permission

Source:Global Hot Topic Analysis Editor:fashion Time:2025-07-03 04:52:10

Video conferencing app Zoom has a major security flaw in its Mac client,lee???? ???????? letting any website turn on your Mac's camera without a warning, security researcher Jonathan Leitschuh claims.

In a blog post Monday, Leitschuh detailed the vulnerability, which he says he'd disclosed to Zoom more than 90 days ago, and the company still hasn't fixed it.

SEE ALSO: Google Nest camera security flaw allows former owners to observe others' homes

The problem lies in Zoom's usage of a web server on users' local machines. This makes some of Zoom's cool features possible, for example, clicking on a simple link in your web browser automatically starts up the app.

Having an app install and run a web server on a user's machine with an undocumented API "feels incredibly sketchy," Leitschuh says. But there's more. According to Leitschuh, "this web server can do far more than just launch a Zoom meeting. (...) this web server can also re-install the Zoom app if a user has uninstalled it."

This is bad by itself, but Leitschuh discovered a vulnerability that let him launch a Zoom call, with video enabled, on a user's machine without permission. The same vulnerability allows the attacker to perform a DOS (denial of service) type attack on a user's machine.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

Leitschuh says that he'd contacted Zoom on March 26, offering the company a quick fix for the vulnerability. After a lot of back and forth, Zoom partially fixed the flaw, but Leitschuh was able to bypass their fix, after which the company offered no additional fix. The security issue is still present in the latest version of Zoom for Mac, 4.4.4.

In a blog post Monday, Zoom defended its app's functionality, claiming that users are prompted to turn their video off when joining their first meeting, and can set the video to off in subsequent meetings; if they do so, it would be impossible for the host or other participants to turn their camera on. Furthermore, Zoom claims, "because the Zoom client user interface runs in the foreground upon launch, it would be readily apparent to the user that they had unintentionally joined a meeting and they could change their video settings or leave immediately."

The company said they will give users more control of their video settings in an upcoming, July 2019 release.

The company also addresses the presence of the web server on user machines, saying it's a "workaround to a change introduced in Safari 12" and a "legitimate solution to a poor user experience problem."

Zoom has assessed that both the video call issue and the DOS issue were "low risk," which is why the company decided not to change the app's functionality. The company also promised it will launch a public vulnerability disclosure program in the "next several weeks."

The main question users should be asking themselves is whether they want to sacrifice their system's security for a bit of added functionality -- likely, functionality they can live without. Zoom's ability to re-install itself without user permission after it's been uninstalled is particularly worrisome. Since there's no official fix for the issue, you can remove Zoom's web server from your machine by following the steps described in Leitschuh's post.


Featured Video For You
Flipboard’s data breach exposes usernames, passwords

Topics Cybersecurity

0.1377s , 10013.3203125 kb

Copyright © 2025 Powered by 【lee???? ????????】Zoom lets a website turn on your Mac's camera without permission,Global Hot Topic Analysis  

Sitemap

Top 主站蜘蛛池模板: 变态潮喷失禁大喷水 | 午夜内射中出视频 | 国产3级在线 | 午夜福利国产一区二区视频 | 午夜福利高清无码在线观看 | 一区二区三区精密机械公司 | 日韩av无码大全 | 成人不卡在线观看 | www.中文字幕在线 | caoporn视频在线 | av人摸人人人澡人人超碰手机版 | 海角国精产品一区一区三区糖心推荐 | 波多野结衣久 | 91久久线看在观草草青青 | 18成禁人视频免费 | 午夜性色吃奶添下面69影院 | 午夜福利在线视频 | av中文在线播放 | 午夜成人中文字幕一区二区三区 | 午夜视频网 | 97蜜桃新版 | 2025国产在线视频 | 韩国三级大全久久网站中文字幕日韩电影在线 | 变态另类天上人间全文免费阅读 | 日韩av免费无码久久 | 91精品国产一区二区三区在线 | 国产91精品高跟丝袜 | 97色伦影院 | 99r8这是只有精品视频9 | 午夜爽爽爽男女免 | 99国产在线精品观看二区 | 91高清在线观看 | 99久久国产露脸精品竹菊传煤 | 91欧美精品 | 午夜在线视频一区二区三区 | av中文字幕一区少妇 | 韩国三级中文字幕hd久久精品电影完整版在线播放 | av无码人妻一区二区三区在 | 97无码久久久久中文字幕精品 | 99精品欧美一区二区蜜桃免费 | 91精品国产自产在线观看永久 |