Zoom flaw could enable hackers to activate Mac webcams without permission
A vulnerability in the Mac version of Zoom, the popular video conferencing application, could allow a hacker to turn on a user’s video camera without their authorization or disrupt their computer via a denial-of-service attack, according to research published Monday.
The vulnerability, found by security researcher Jonathan Leitschuh, exists in a Zoom feature that lets a user send a meeting invite via a web link. Clicking the link launches the user into a video call. But a phishing campaign or a website laced with malicious advertisements could take advantage of those links, Leitschuh said.
Leitschuh, a software engineer at the engineering organization Gradle, published his findings Monday on the blogging platform Medium after Zoom failed to fix the problem within 90 days.
“An organization of this profile and with such a large user base should have been more proactive in protecting their users from attack,” he wrote.
Asked how many Mac users Zoom has, a company spokesperson said Zoom doesn’t disclose such figures, but said the vulnerability affects a significant portion of its customer base.