Companies that use Zoom Video Communications’ video conferencing app for Apple’s Mac computers are being advised to check their security settings due to a flaw that could allow any website to commandeer those web cameras.
In a Medium blog post, security researcher Jonathan Leitschuh detailed the flaw, which potentially affects the Macs at 750,000 businesses worldwide. The vulnerability is said to allow a website to be able to join a Zoom video call without the permission of the computer’s user. Once on the call, a hacker potentially could do everything from turning on other apps that had been turned off and launching denial of service attacks without a user’s permission.
Leitschuh said the original flaw was discovered in March. It was fixed, but it became potentially active earlier this week due to a workaround to the initial repair.
In a statement, Zoom said that when a person uses the service to join a meeting for the first time, they are asked if they want their video camera to be turned off. After that, a user can configure their settings to turn their webcam off automatically when joining a meeting. To reduce the chances of their webcams being affected by the security flaw, Zoom users are advised to select the option “turn off my video when joining a meeting” in the app’s settings.
San Jose-based Zoom added that in spite of the security flaw report, it has received “no indication” that any of its users have had their webcams hacked in the manner described in Leitschuh’s report.
“It would be readily apparent to the user that they had unintentionally joined a meeting and they could change their video settings or leave immediately,” a spokesperson from Zoom said.
Zoom’s shares slipped by 0.6%, to $90.24, following the security flaw reports. However, the company’s shares have been on tear, rising more than 150% since the company went public at $36 a share in April in one of the most-successful IPOs this year.
