Flaw in Zoom Video Conferencing Software Lets Websites Hijack Mac Webcams


#1

Flaw in Zoom Video Conferencing Software Lets Websites Hijack Mac Webcams (Jul 9, 2019)

Security researcher Jonathan Leitschuh has identified a vulnerability, CVE-2019-13450, in the Zoom Mac application. The vulnerability exploits the feature that allows users to click-to-join, however when the user joins, their webcam is automatically connected. Even with uninstalling the software, the flaw still exists, as the click-to-join feature automatically reinstalls Zoom without permission. Zoom, a video conferencing software has over four million users has not patched the vulnerability.

Recommendation: Manually disable the setting that automatically connects your webcam when joining a zoom meeting

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.