If you’ve ever seen photos of people’s laptops with their webcams covered or taped up, it is because of a legitimate concern that laptop webcams can be hijacked and turned on without our knowledge. Given that they’re built into the display, we can’t easily point them away or unplug them.
Unfortunately, it seems that those fears have sort of come true, at least for Mac users, after a flaw was recently discovered in the Zoom Mac client. For those unfamiliar, Zoom is a video conferencing client. According to researcher Jonathan Leitschuh, who discovered it, the flaw would allow websites to initiate a video call on any Mac that has the app installed.
According to Leitschuh, this flaw is partly due to the fact that Zoom creates and runs a local web server as a background process on the host machine. According to a statement made to ZDNet, the local server was a workaround related to changes made in Safari 12. Leitschuh adds that the problem doesn’t seem to have been fully solved.
The researcher wrote, “Zoom did end up patching this vulnerability, but all they did was prevent the attacker from turning on the user’s video camera. They did not disable the ability for an attacker to forcibly join to a call anyone visiting a malicious site.” It has since been advised that, until the matter has been fully resolved, users should disable video while joining a meeting unless they absolutely have to use it.