Last week, video conferencing app Zoom had to make a major change to its service to fix a frightening webcam vulnerability. But new evidence disclosed by security researcher Karan Lyons shows that other conferencing apps like RingCentral and Zhumu are susceptible to the same issue.
This means that, if you’ve installed either of the two apps, a malicious website could potentially embed a meeting link that — upon visiting — would automatically open up a video conference that turns your webcam on.
…
This makes it absolutely critical that vulnerability fixes are patched, distributed, adopted and installed in time.
In case you forgot what the problem was:
As noted earlier:
“A security researcher has identified an extremely serious vulnerablity in the Zoom videoconferencing system that lets any website open up a video-enabled call on a Mac with the Zoom app installed — even if you’ve previously deleted the software.”
The flaw was so wrong Apple was forced to patch it for Zoom.
MacDailyNews Take: If white label software is found deeply faulty and the developer responsible doesn’t fix it, are they still utterly guilty of egregious treatment of user security?
Don’t use Zoom.
Update: Clearly, Zoom hasn’t impressed Apple a great deal, either.
“vulnerability” — What!?
Let me fix that for you… “insane privacy-invading, deliberately-built-in feature”.