I’m a Zoom user on macOS, so I’m affected by this. I join all meetings with video turned off (see settings image below), and you should too:
Your computer’s webcam has always been a gateway for potential security intrusion, which is why people like Mark Zuckerberg and ex-FBI head James Comey put tape over theirs. On Monday, security researcher Jonathan Leitschuh gave Mac users another reason to fret over their webcams — there’s a security flaw in the Zoom video-conferencing app.
Zoom is most notable for its click-to-join feature, where clicking on a browser link takes you directly to a video meeting in Zoom’s app. But Leitschuh in a Medium post explained that he months ago discovered Zoom achieves this in insecure ways, allowing websites to join you to a call as well as activating your webcam without your permission.
He adds that this would allow any webpage to denial-of-service a Mac by repeatedly joining you to an invalid call. Uninstalling the Zoom app from your Mac isn’t enough to fix the problem, either. Zoom achieves its click-to-join function by installing a web server on your computer — which can reinstall Zoom without your permission.
“If you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you,” Leitschuh writes, “without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day.”
Here’s the first setting you should change in Zoom.