Video conferencing provider Zoom is pushing out an emergency patch later today to address the zero-day vulnerability for Mac users that could potentially expose a live webcam feed to an attacker.
The fix, detailed in the latest update to Zoom’s blog post on the vulnerability, will “remove the local web server entirely, once the Zoom client has been updated,” taking away a malicious third party's ability to automatically activate webcams using a Zoom link. The vulnerability arises because Zoom installs a local web server on Mac computers alongside its application, which allows the platform to bypass security measures in Safari 12 that prompt users with a dialog box asking them to confirm when joining a new meeting.
Author: Nick Statt