Vulnerabilities in an operating system can come in many forms, from a failure of the system itself to a poorly written or faulty application. An application that is not intended to be malware deliberately installing a vulnerability on your machine, however, is a much rarer case.
That is exactly what security researcher Jonathan Leitschuh discovered in the macOS app of the video conferencing service Zoom. As the researcher demonstrated in a proof of concept, the Zoom application silently installs a web server on the machine; this server runs all the time as a background process and allows any website, with a click on a simple link, to activate the Mac's camera and make the user join a video call at any time, without the user even accepting it.
Scarier still, the server stays on the Mac even after the Zoom app is uninstalled. According to the developers, the server persists so that you can reinstall the Zoom utility without any work, simply by visiting a web page; in practice, however, this means that the vulnerability survives even after its source is purged. The end of Leitschuh's post on Medium gives steps for users to eliminate the server from their Macs, which requires a trip to the Terminal.
A simpler but less secure way to protect yourself is to go to Zoom's settings and check the option “Turn video off when joining a meeting”. In this case, the server will still be able to drop you into the middle of a video conference with a simple click on a link, but at least your camera will be off by default and you can leave the call before other people see whatever you are doing in front of the computer.
Leitschuh informed Zoom of the problem at the end of March, respecting the commonly agreed 90-day window for publicly disclosing vulnerabilities. The problem is that the company did not take action in time to correct the flaw: Zoom said that using the server on the Mac is a "workaround" for changes implemented by Apple in Safari 12, saying that without it users would not have access to the company's tools such as one-click meetings and quick access to conversations.
After the extremely negative public reaction, however, Zoom backed down: the company has said it will release an update for its application in the next few days that completely disables the suspicious server. The update will also bring a new uninstaller that completely removes the Zoom utility when prompted by the user and, finally, will by default leave video off for new users when they enter a call.
Update 7/10/2019 1:59 PM
Zoom has already issued the fix for its app, eliminating the suspicious server and adding a complete uninstaller to the utility. Users of the application can update it immediately from its updates tab.
Update II 07/10/2019 at 19:30
Zoom wasn't the only one taking steps to correct the questionable, to say the least, behavior of its macOS app: Apple has just confirmed to TechCrunch that it has also issued a silent security update for the operating system (through the XProtect system), which removes the app's malicious server even if the user has not yet updated the app itself.
According to Apple, the update does not require any user interaction and is applied automatically, so all Macs in the world should be properly protected very soon.
How big did this mess get, huh?