Video conferencing app Zoom has a major security flaw in its Mac client, letting any website turn on your Mac's camera without a warning, security researcher Jonathan Leitschuh claims.
In a blog post Monday, Leitschuh detailed the vulnerability, which he says he'd disclosed to Zoom more than 90 days ago, and the company still hasn't fixed it.
The problem lies in Zoom's use of a web server running on users' local machines. This is what makes some of Zoom's convenience features possible: for example, clicking a simple link in your web browser automatically starts up the app.
Having an app install and run a web server on a user's machine with an undocumented API "feels incredibly sketchy," Leitschuh says. But there's more. According to Leitschuh, "this web server can do far more than just launch a Zoom meeting. (...) this web server can also re-install the Zoom app if a user has uninstalled it."
This is bad by itself, but Leitschuh also discovered a vulnerability that let him launch a Zoom call, with video enabled, on a user's machine without permission. The same vulnerability allows an attacker to perform a denial-of-service (DoS) attack against a user's machine.
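The design problem described above is a localhost helper server that answers requests from any web page. As an added illustration (not Zoom's code, and not a description of its actual API), the following hypothetical helper shows the minimum a local HTTP endpoint should check before acting on a browser request: an Origin allowlist and a per-install secret carried in a custom header, which forces a CORS preflight that a bare link or image load cannot pass. The origin `https://meet.example.com`, the header name `X-Local-Token` and the token handling are assumptions for the example.

```python
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer

# Hypothetical vendor origin; only pages served from here may drive the local API.
ALLOWED_ORIGINS = {"https://meet.example.com"}
# Secret generated at install time (constructed here; a real app would persist it
# and hand it only to a signed-in page on the vendor's own origin).
INSTALL_TOKEN = secrets.token_urlsafe(32)


def is_authorized(headers, token=INSTALL_TOKEN):
    """Decide whether a request to the local helper may start a meeting.

    `headers` is any mapping of request headers. Returns (ok, reason).
    A plain GET fired by an <img>, <script> or clicked link cannot carry a
    custom header, so requiring X-Local-Token makes the browser send a CORS
    preflight first, and the Origin allowlist denies every site but the vendor's.
    """
    origin = headers.get("Origin")
    if origin not in ALLOWED_ORIGINS:
        return False, "origin not allowed"
    presented = headers.get("X-Local-Token", "")
    if not secrets.compare_digest(presented, token):
        return False, "bad or missing token"
    return True, "ok"


class HelperHandler(BaseHTTPRequestHandler):
    def do_OPTIONS(self):
        # Preflight: acknowledge only the vendor origin so the browser blocks others.
        origin = self.headers.get("Origin", "")
        if origin in ALLOWED_ORIGINS:
            self.send_response(204)
            self.send_header("Access-Control-Allow-Origin", origin)
            self.send_header("Access-Control-Allow-Headers", "X-Local-Token")
        else:
            self.send_response(403)
        self.end_headers()

    def do_GET(self):
        ok, reason = is_authorized(self.headers)
        self.send_response(200 if ok else 403)
        if ok:
            self.send_header("Access-Control-Allow-Origin", self.headers["Origin"])
        self.end_headers()
        self.wfile.write(reason.encode())


if __name__ == "__main__":
    # Bind to loopback only, on an ephemeral port; never expose a per-user helper on 0.0.0.0.
    HTTPServer(("127.0.0.1", 0), HelperHandler).serve_forever()
```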
Leitschuh says he contacted Zoom on March 26 and offered the company a quick fix for the vulnerability. After a lot of back and forth, Zoom partially fixed the flaw, but Leitschuh was able to bypass its fix, after which the company offered no further fix. The security issue is still present in the latest version of Zoom for Mac, 4.4.4.
In a blog post Monday, Zoom defended its app's functionality, claiming that users are prompted to turn their video off when joining their first meeting, and can set the video to off in subsequent meetings; if they do so, it would be impossible for the host or other participants to turn their camera on. Furthermore, Zoom claims, "because the Zoom client user interface runs in the foreground upon launch, it would be readily apparent to the user that they had unintentionally joined a meeting and they could change their video settings or leave immediately."
The company said it will give users more control over their video settings in an upcoming July 2019 release.
The company also addresses the presence of the web server on user machines, saying it's a "workaround to a change introduced in Safari 12" and a "legitimate solution to a poor user experience problem."
Zoom has assessed that both the video call issue and the DOS issue were "low risk," which is why the company decided not to change the app's functionality. The company also promised it will launch a public vulnerability disclosure program in the "next several weeks."
The main question users should be asking themselves is whether they want to sacrifice their system's security for a bit of added functionality -- likely, functionality they can live without. Zoom's ability to re-install itself without user permission after it's been uninstalled is particularly worrisome. Since there's no official fix for the issue, you can remove Zoom's web server from your machine by following the steps described in Leitschuh's post.