Security Flaw Leads to Mac Camera Hijack
Threat Level: 3
Mac computers may be known to have a lower chance of getting infected with a virus, but they are still open to security flaws just like every other device out there. In fact, just recently Mac was hit with a serious one that threatened to let websites hijack personal Mac cameras.
If you have the Zoom video conferencing app installed on a Mac, the flaw allows any website to open up a video-enabled call. This happens because the Zoom app installs a web server on Macs that accepts requests that other regular browsers normally wouldn’t. Even if you uninstall the Zoom app, the web server can reinstall it without your approval or permission.
The issue has been brought to the attention of Zoom, but many believe that they haven’t done enough to resolve the issue. They purposely created the local web server in order to provide their users with a one-click-to-join meeting option, which is what differentiates them from other competitors. The Chromium and Mozilla teams were also notified, but since it isn’t an issue with their browsers, there is nothing they can do to solve the problem.
If you happen to come across this issue, there are ways users can “patch” it themselves. Be sure that the Mac app is up to date, and also disable the setting that allows Zoom to automatically turn on your camera once you join a meeting. Remember, you can’t just simply uninstall the Zoom app to solve the problem. Going forward, Zoom does plan to save users’ and administrators’ preferences when they first join a call; whether they want the video turned on or not. Since this is such a minor step to fix the issue, it seems it is up to the user more than anyone to prevent this from happening in the future.