Security Update:Serious zero-day vulnerability for the Zoom video conferencing application on Macs
Date and Time
Today, security researcher Jonathan Leitschuh has publicly disclosed a serious zero-day vulnerability for the Zoom video conferencing application on Macs.
Advanced Users:For a more detailed description of the vulnerability and affected software refer to:
- Serious Zoom security flaw could let websites hijack Mac cameras at: https://www.theverge.com/platform/amp/2019/7/8/20687014/zoom-security-flaw-video-conference-websites-hijack-mac-cameras
- Zoom video conferencing application on Macs
WHAT'S THE PROBLEM?
Any website can open up a video-enabled call on a Mac with the Zoom app installed.
HOW DO I PROTECT MY COMPUTER?
- Central UCSF IT and the Vendor are currently working on a global and/or profile level solution. In the meantime,it is recommended you make sure your zoom setting for auto-camera start is turned OFF in general meeting settings: go to `Preferences > Video > Turn off my video when joining meeting` and make sure this option is CHECKED (see picture below).
- Ensure you are on Zoon 4.4.2 or higher.
- In general, you may want to use a webcam cover or post-it note on the webcam as a physical barrier to address this vulnerability or other software conditions which may access the camera.
- Serious Zoom security flaw could let websites hijack Mac cameras at: https://www.theverge.com/2019/7/8/20687014/zoom-security-flaw-video-conference-websites-hijack-mac-cameras