it.ucsf.edu

Security Update:serious zero-day vulnerability for the Zoom video conferencing application on Macs

Status Type

Security Update

Date and Time

Tuesday, July 9, 2019 - 09:55

Reason

Security update

Impact

ZOOM users

WHAT HAPPENED?

Today, security researcher Jonathan Leitschuh has publicly disclosed a serious zero-day vulnerability for the Zoom video conferencing application on Macs.

 

Advanced Users:For a more detailed description of the vulnerability and affected software refer to:

 

AFFECTED SYSTEMS:

  • Zoom video conferencing application on Macs

 

WHAT'S THE PROBLEM?

Any website can open up a video-enabled call on a Mac with the Zoom app installed.

 

HOW DO I PROTECT MY COMPUTER?

  • Central UCSF IT and the Vendor are currently working on a global and/or profile level solution. In the meantime,it is recommended you make sure your zoom setting for auto-camera start is turned OFF in general meeting settings: go to `Preferences > Video > Turn off my video when joining meeting` and make sure this option is CHECKED (see picture below).

  • Ensure you are on Zoon 4.4.2 or higher.
  • In general, you may want to use a webcam cover or post-it note on the webcam as a physical barrier to address this vulnerability or other software conditions which may access the camera.

 

RELATED LINKS