Now that many people are working from home due to the COVID-19 coronavirus pandemic, teleconferencing service Zoom’s popularity has skyrocketed, but also has led to Zoom flaws being revealed with an increased focus on the company’s security practices and privacy promises.
Hot on the heels of two security researchers finding a Zoom bug that can be abused to steal Windows passwords, another security researcher found two new bugs that can be used to take over a Zoom user’s Mac, including tapping into the webcam and microphone.
Patrick Wardle, a former NSA hacker and now principal security researcher at Jamf, dropped the two previously undisclosed flaws on his blog Wednesday, which he shared with TechCrunch.
The two bugs, Wardle said, can be launched by a local attacker — that’s where someone has physical control of a vulnerable computer. Once exploited, the attacker can gain and maintain persistent access to the innards of a victim’s computer, allowing them to install malware or spyware.
MacDailyNews Take: The requirement for physical control limits access, of course, but Zoom has other flaws, too (See: Caution: Zoom video calls are not end-to-end encrypted ). If you can steer clear of Zoom, you probably should.
[Thanks to MacDailyNews Readers “Fred Mertz” and “Dogadoga” for the heads up.]