Apple Sends Update to Plug a Zoom Security Hole

More than 1 million fans a day use the popular Zoom conference software. It’s an easy way to connect with large groups of participants who use video for meetings, webinars, online education, and many other needs. However, a recently discovered flaw in the app is affecting Apple users, who find that uninvited guests have hijacked their webcams. The cloud-based platform now finds itself having to fix the problem, but security experts aren’t yet satisfied with Zoom’s response. In the meantime, Apple quietly sent out an update to fix the issue within macOS.

Since 2013, Zoom has been rapidly gaining fans worldwide. These fans like the app for its ease of use compared to other conferencing software, but its simple “click-to-join” feature is now behind Mac users finding their webcams hacked remotely. Now aware of the problem, Zoom has supplied a security patch, but experts believe it came up short by not entirely addressing the vulnerabilities.

Hackers can easily exploit that “click-to-join” option and remotely gain access to a user’s webcam. The webcam records activities as long as the device is turned on, even though the user is no longer actively using Zoom. For many, that means 24/7 video and verbal observation. Not only is that incredibly creepy, but it can lead to compromised system security.

As hackers do, they find other ways to entice Zoom users into joining a setup scam. Hackers use email phishing to invite users to a non-existent meeting. The email has a bogus link that is set up for the sole purpose of taking over their webcam. Anti-phishing smarts should always be used, with a user making sure the email is legitimate before acting on it. If you aren’t aware of a meeting, most certainly don’t click any links, regardless of whose name is in the “sender” line of the email. Remember never to click links that are not expected or are from unknown persons, regardless of the link’s name. This goes for attachments too.

While Zoom addresses, or doesn’t address, the vulnerabilities, Mac users have an option to stay safe from a peeping webcam. Go into the Zoom settings and click the checkbox that automatically enables the webcam when joining a conference. Simply uninstalling Zoom won’t fix the problem because its local web server persists, and Zoom can be automatically reinstalled without user permission. In general, however, it’s always wise to uninstall apps you no longer use.

Before disabling the video, make sure you’re using the most current version of Zoom. Go to your Zoom preferences and click “Turn off my video when joining a meeting.” While Zoom continues to struggle to provide security to its Mac users, disabling its most popular feature will keep their webcams safe, for now.