Last week, a serious vulnerability was discovered in the Zoom app (video conferencing) on macOS. Due to a development error by Zoom, it was possible to activate the camera without user interaction. Read on to learn how this issue was resolved and how Root3 handled it.

Fix for Proactief Apple Beheer Customers

On Wednesday, July 10, 2019, a fix was pushed to all Mac computers for Proactief Apple Beheer customers. This fix immediately addressed the vulnerability. At that time, we were still awaiting a solution from Zoom.

Exploiting the Zoom App Vulnerability

The vulnerability could be exploited through a malicious website because the Zoom app set up a local web server on the Mac. Through that server, the website could activate the camera without user interaction. Users who had previously installed Zoom but later uninstalled it were still vulnerable to the exploit, because the local web server created by Zoom remained on macOS even after the application was removed.

New Version of the Zoom App and Apple’s Patch

A new version of the Zoom app is now available for download, which also resolves the vulnerability.

Apple also took action and released a global patch on Thursday, July 11, to address the issue. The built-in malware removal tool (MRT) has been updated to version 1.45. Clear user interaction will now always be required. To check if your Mac is updated, run the following command and ensure the output shows at least version 1.45:

$ defaults read /System/Library/CoreServices/MRT.app/Contents/Info.plist CFBundleShortVersionString
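For checking many Macs at once, the same test can be scripted. The following is an added example, not code from Root3, Apple or Zoom; the function names `version_ge` and `check_mrt` are hypothetical, and it assumes the MRT version is a dotted numeric string. It compares the version component by component, so that 1.5 is not mistaken for something newer than 1.45.

```shell
#!/bin/sh
# Added example: verify that the MRT version is at least 1.45.
MRT_PLIST="/System/Library/CoreServices/MRT.app/Contents/Info.plist"
REQUIRED="1.45"

# version_ge A B: return 0 if dotted version A >= B, 1 if older,
# 2 if either version contains a non-numeric component.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}            # first component of each
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}              # a missing component counts as 0
        case $x$y in *[!0-9]*) return 2 ;; esac
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0                              # all components equal
}

# check_mrt [PLIST]: 0 = patched, 1 = outdated, 3 = version not readable.
check_mrt() {
    plist=${1:-$MRT_PLIST}
    if ! command -v defaults >/dev/null 2>&1; then
        echo "defaults command not found (is this macOS?)" >&2
        return 3
    fi
    current=$(defaults read "$plist" CFBundleShortVersionString 2>/dev/null)
    if [ -z "$current" ]; then
        echo "could not read the MRT version from $plist" >&2
        return 3
    fi
    if version_ge "$current" "$REQUIRED"; then
        echo "OK: MRT $current (required: $REQUIRED or later)"
    else
        echo "OUTDATED: MRT $current (required: $REQUIRED or later)" >&2
        return 1
    fi
}

# Run the check only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_mrt
    exit $?
fi
```

Run the script with `--check` on the Mac; the exit status (0, 1 or 3) can be collected by a management tool.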

For more information about this vulnerability, you can read The Verge, TechCrunch, and the Zoom website.