Your Mac’s webcam could be hijacked because of Zoom’s vulnerability

Zoom video conferencing

If you use a Mac, and particularly if you use the Zoom video-conferencing platform on it, there is something you need to be worried about: a vulnerability found in Zoom can allow attackers to hijack your Mac’s webcam. This means that attackers can gain access to your laptop or desktop’s webcam and capture things without your notice.

This vulnerability is as threatening as it sounds. It was found by security researcher Jonathan Leitschuh, who posted it on Medium. Jonathan says that the vulnerability can let websites take over your Mac’s camera. This is because when Zoom is installed on your Mac, it installs a web server along with it. The problem is that this web server “accepts requests regular browsers wouldn’t.”

Zoom’s web server also runs constantly in the background, accepting requests. This allows anyone to join a video chat on Zoom without permission if the video camera is activated. The more serious revelation about this vulnerability is explained by Jonathan:

“Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day.”

If you click on a link, it will open a webpage which will let you join anyone’s Zoom video chat without them being aware of it. It will also re-install the Zoom app on your Mac if you have uninstalled it. Everything happens without your notice, and you could find yourself in a weird situation if this happens to you. There is no solution at the moment if you have ever installed Zoom on your Mac, but if you have not, you are safe.
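To check a Mac for the kind of leftover localhost web server described above, the following added example (not from the original article or from Zoom) filters `lsof` output for TCP listeners that a page in a local browser could reach. The sample lines, command names, PIDs and ports are constructed; the article does not name the real helper process or its port, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list TCP listeners reachable through localhost.
# Live use on macOS:  lsof -nP -iTCP -sTCP:LISTEN | local_listeners

# Constructed sample in `lsof -nP -iTCP -sTCP:LISTEN` layout. Every name, PID
# and port is made up; "ExampleMeetHelper" stands in for a helper process that
# an uninstalled app left running.
sample_lsof() {
cat <<'EOF'
COMMAND            PID  USER   FD  TYPE DEVICE             SIZE/OFF NODE NAME
ExampleMeetHelper  4242 alice  8u  IPv4 0x1111111111111111 0t0      TCP  127.0.0.1:50001 (LISTEN)
examplecast        501  alice  4u  IPv6 0x2222222222222222 0t0      TCP  *:50002 (LISTEN)
exampledb          733  alice  6u  IPv6 0x3333333333333333 0t0      TCP  [::1]:50003 (LISTEN)
examplesync        912  alice  9u  IPv4 0x4444444444444444 0t0      TCP  192.0.2.10:50004 (LISTEN)
EOF
}

# Read lsof output on stdin and print "scope command pid port" for each
# listener bound to loopback or to all interfaces (*), since both answer
# requests sent to localhost. Listeners bound to one external address are skipped.
local_listeners() {
  awk '
    $NF != "(LISTEN)" { next }               # also drops the header line
    {
      name = $(NF-1)                         # e.g. 127.0.0.1:50001 or [::1]:50003
      n = split(name, parts, ":")
      port = parts[n]
      addr = substr(name, 1, length(name) - length(port) - 1)
      if (addr ~ /^127\./ || addr == "[::1]" || addr == "localhost") scope = "loopback"
      else if (addr == "*") scope = "all-interfaces"
      else next
      print scope, $1, $2, port
    }'
}

# Keep only listeners whose command name contains PATTERN (case-insensitive),
# for example the name of an app that was supposed to be uninstalled.
listeners_matching() {
  local_listeners | awk -v pat="$1" 'index(tolower($2), tolower(pat)) > 0'
}

sample_lsof | local_listeners
```

A hit from `listeners_matching` for an app you have already removed means a helper is still running and still accepting requests.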