Tag Archives: zoom

Apple Removed the Zoom Vulnerability

Good news for Mac users who had Zoom installed on their computers! TechCrunch reported that Apple has released a silent update for Mac users that removes a vulnerable component in Zoom. The update does not require any user interaction and is deployed automatically.

Apple often pushes silent signature updates to Macs to thwart known malware – similar to an anti-malware service – but it’s rare for Apple to take action publicly against a known or popular app. The company said it pushed the update to protect users from the risks posed by the exposed web server.

TechCrunch quoted Zoom spokesperson Priscilla McCarthy, who said (in part): “We are happy to have worked with Apple on testing this update.”

Apple’s update comes after Zoom released a fix for the vulnerability that enabled nefarious people to put a link into a website that would automatically cause a Zoom user to connect to Zoom with their video running.

The patch does two things. It removes the local web server from the Mac entirely once the Zoom client has been updated. It also allows users to manually uninstall Zoom.

Mac users may see a pop-up in Zoom that tells them to update their Zoom client. There is a link on the Zoom blog where you can download the update. Or, you can check for updates by opening your Zoom app window.

Zoom Mac Client Vulnerability Enables Cameras Without Permission

Have you used Zoom for web conferencing, podcasting, or anything else? Be aware that there is a vulnerability in the Mac Zoom Client that can enable your camera without your permission. Uninstalling Zoom does not fix the problem.

Jonathan Leitschuh posted a very detailed article on Medium explaining the situation. In short, the vulnerability in the Mac Zoom Client allowed any malicious website to enable your camera without your permission. According to Jonathan Leitschuh, this issue potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business.

Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day.

If I’m understanding this correctly, the vulnerability takes advantage of a Zoom feature that allows users to send anyone a link. When the person opens that link in their browser, the Zoom client opens on their machine. A mean-spirited person could embed a specific piece of code into a website. When a Zoom user visits that website, the user will be connected to Zoom with their video running.

Zoom posted a “Response to Video-On Concern” on the Zoom blog. In the blog, Zoom explains that “if the user has not configured their Zoom client to disable video upon joining meetings, the attacker may be able to view the user’s video feed.”

Zoom explains that the Zoom client runs in the foreground upon launch. It would be readily apparent to a user that they had unintentionally joined a meeting, and the user could change their video settings or leave the meeting immediately. According to Zoom, “we have no indication that this has ever happened.”

You can click on a link in the Zoom blog to connect with their support team. Zoom says it will go live with a public vulnerability disclosure program in the next several weeks. Until then, I recommend putting a sticker over your camera.

Firefox Viewing Add-Ons

If you’re a Firefox geek, like I am, you are always looking for ways to make it work better for you. It is one of the advantages of having something open source that lots of developers can work on. I know, the majority of the world still runs on Microsoft Internet Explorer, but like a good Firefox evangelist, I’m continually trying to convert people to the lighter side of the browser world. If you’ve not been converted, what are you waiting for? Go visit Mozilla today and get your very own copy! It’s FREE! It’s easy to use! It’s reasonably safe from spyware and adware and all kinds of other nasty beasts. Really, there’s nothing to be afraid of! Go on! Do it today!

Er. Sorry. I think I got off track there for a minute.

Anyway, I have daily contact with plenty of people that use Firefox add-ons to enhance their use of the browser. I’d like to point out a few of these add-ons today that my visually impaired students are using on a regular basis.

Text Size Toolbar
This add-on creates tools on your standard toolbar that give you three quick links: to enlarge, to reduce, or to “equalize” the text, bringing it back to its default size. The tools are unobtrusive, easy to manage, and quick to use.

Adds two buttons to the status bar that are the equivalent of the ctrl+ and ctrl- commands. Right-clicking on either of the two buttons returns the view to its default size.

Adds three menu items to the context menu (right-click menu) that allow you to enlarge, decrease, or return to default size.

Adds a complete toolbar that allows changes in font size, background and font colors, and line spacing. Also includes the ReadAloud text reader.

All of these add-ons are guaranteed to work with versions 1.5-2.x, and are also being reconfigured to work with Firefox 3.0, which is currently in beta. All of these add-ons can be located by visiting the Firefox Add-Ins Site.

Don’t feel that you have to have an impairment to use these add-ons. How many times have you visited a web page where the web designer has put white text on a black background, and it hurts to look at it? The Accessibar can reverse these colors for you, easily and quickly. And what about those forum pages that you may come across that give you a tiny little window and an even tinier font to type your post into? The QuickZoom or TextSizeToolbar will increase the size in a click. And while I know that there are keyboard commands and keyboard plus mouse movements that will do some of these same things, if you’re surfing, you don’t want to take your hand off your mouse to complete a keyboard maneuver if you don’t have to. These add-ons can make it a whole lot quicker and easier to get through what you need to get through.