Security researcher Jonathan Leitschuh warns that hackers can exploit vulnerabilities in the Zoom videoconferencing desktop app to commandeer a user's webcam.
Using this technique, attackers can set up a malicious call and fool Zoom users on Apple computers into clicking a link to participate, then add their video feed to monitor whatever the Webcam is directed toward.
Leitschuh said hackers could also launch denial-of-service attacks against Mac computers, using the same technique to inundate them with 'join' requests.
Although Zoom patched this flaw several months ago, it is only now adjusting auto-join video settings to give users a more prominent way of opting to have their video feed launch automatically when they click a call link.
Leitschuh said the patch cannot resolve privacy issues or the underlying insecurity of the seamless flow that allows Zoom to launch calls from meeting URLs.
Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA