Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: info@c2techs.net

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Onsite Support
    • Encryption
    • Backups
  • ABOUT
    • Privacy Policy
FREECONSULT
Tuesday, 09 July 2019 / Published in Woo on Tech

Zoom to patch Mac client security weakness

Videoconferencing darling Zoom stirred up a pot of controversy earlier this week after it first disclosed and then defended an apparent security weakness in its OS X video conferencing client. According to the security researcher who discovered and reported the flaw back in March of this year, the Mac version of Zoom installs a webserver on the computer on which it is used that will enable users to quickly make and answer Zoom calls. Unfortunately, the main reason they implemented this method was because the built-in security restrictions of the Mac operating system were getting in the way of this quick-connect feature, a “benefit” which Windows users did not enjoy. On top of this, even after the Zoom software was removed from the Mac, this local webserver remained in place, allowing for quick reinstallation in case the user needed to make or receive a Zoom call, the latter of which could be exploited to gain unauthorized access to the Mac’s built-in camera.

Subverting security for convenience is always good practice, right?

Initially, Zoom defended their Mac client methodology and insisted that the changes they made to the Mac client’s settings should be sufficient protect against any exploits of their software. The security researcher remained unconvinced that it was sufficient protection for Mac Zoom users and released his findings to the public alongside a proof of concept demonstration of a malicious Zoom invite attack. After about 24 hours of internet uproar over the vulnerability, Zoom reversed their position on the subject and has just released a patch that removes this feature, as well as adding a new menu choice to do a full uninstall of the software to remove the hidden webserver.

If you are using the Mac version of Zoom, you will want to update your software immediately if it hasn’t already prompted you to update. Windows users, for once, don’t need to do anything. Enjoy your small respite from the usual flood of security flaws.

  • Tweet

What you can read next

Patched IE
Latest Zero-Day IE Exploit Still Vulnerable after MS Patch
ID-100144458.jpg
Internet speed tests may not be reliable measure
home-office
Can your company go completely virtual?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • SolarWinds blames intern for weak password scandal

    Despite their best efforts, SolarWinds isn&#821...
  • Apple-logo.png

    New Malware hits 30k Macs

    Not even three months into Apple’s releas...
  • Biohazard warning

    Poor IT practices led to Florida utility hack

    Last week the sleepy Florida town of Oldsmar ma...
  • Facebook – Too little, too late?

    When working with people who are actively attem...
  • Things you should know as a WFH Pro

    While the past year has been no picnic for anyo...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP