A researcher, Jonathan Leitschuh, claimed that Zoom users that use Apple’s Mac computers were left unprotected and could have had their computer camera hacked. This application glitch allowed any user to force other users into joining Zoom calls, turning on their camera without permission. Leitschuh, the one who discovered this flaw, stated in his blog, “This vulnerability leverages the amazingly simple Zoom feature where you can just send anyone a meeting link… and when they open that link in their browser their Zoom client is magically opened on their local machine.”
Leitschuh discovered how to expose the flaw by switching the Participants option from “Off” to “On.” When he notified the public about this vulnerability, users on social media put it to the test – and it was a frightening success. In addition, even if a user deletes Zoom from their Mac, a hacker could reinstall it. As a quick and temporary fix to this issue, users can go into their Zoom settings and click on “Turn off my video when joining a meeting.”
Leitschuh gave Zoom a 90 day window to repair this issue. Over 40 million people who use Zoom are exposed to potential invasion of privacy. He was not convinced with the quick fix Zoom came up with. The company commented that the issue is still ongoing, however, on Tuesday, they stated that had begun to fix this matter.
Apple recently released a silent update to patch the vulnerability on users’ Zoom apps. The update is deployed without the need for user interaction and effectively stops the possibility of web servers activating a user’s video camera without permission.