Set as Homepage - Add to Favorites

日韩欧美成人一区二区三区免费-日韩欧美成人免费中文字幕-日韩欧美成人免费观看-日韩欧美成人免-日韩欧美不卡一区-日韩欧美爱情中文字幕在线

【映画 館 アダルト】Zoom lets a website turn on your Mac's camera without permission

Video conferencing app Zoom has a major security flaw in its Mac client,映画 館 アダルト letting any website turn on your Mac's camera without a warning, security researcher Jonathan Leitschuh claims.

In a blog post Monday, Leitschuh detailed the vulnerability, which he says he'd disclosed to Zoom more than 90 days ago, and the company still hasn't fixed it.

SEE ALSO: Google Nest camera security flaw allows former owners to observe others' homes

The problem lies in Zoom's usage of a web server on users' local machines. This makes some of Zoom's cool features possible, for example, clicking on a simple link in your web browser automatically starts up the app.

Having an app install and run a web server on a user's machine with an undocumented API "feels incredibly sketchy," Leitschuh says. But there's more. According to Leitschuh, "this web server can do far more than just launch a Zoom meeting. (...) this web server can also re-install the Zoom app if a user has uninstalled it."

This is bad by itself, but Leitschuh discovered a vulnerability that let him launch a Zoom call, with video enabled, on a user's machine without permission. The same vulnerability allows the attacker to perform a DOS (denial of service) type attack on a user's machine.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

Leitschuh says that he'd contacted Zoom on March 26, offering the company a quick fix for the vulnerability. After a lot of back and forth, Zoom partially fixed the flaw, but Leitschuh was able to bypass their fix, after which the company offered no additional fix. The security issue is still present in the latest version of Zoom for Mac, 4.4.4.

In a blog post Monday, Zoom defended its app's functionality, claiming that users are prompted to turn their video off when joining their first meeting, and can set the video to off in subsequent meetings; if they do so, it would be impossible for the host or other participants to turn their camera on. Furthermore, Zoom claims, "because the Zoom client user interface runs in the foreground upon launch, it would be readily apparent to the user that they had unintentionally joined a meeting and they could change their video settings or leave immediately."

The company said they will give users more control of their video settings in an upcoming, July 2019 release.

The company also addresses the presence of the web server on user machines, saying it's a "workaround to a change introduced in Safari 12" and a "legitimate solution to a poor user experience problem."

Zoom has assessed that both the video call issue and the DOS issue were "low risk," which is why the company decided not to change the app's functionality. The company also promised it will launch a public vulnerability disclosure program in the "next several weeks."

The main question users should be asking themselves is whether they want to sacrifice their system's security for a bit of added functionality -- likely, functionality they can live without. Zoom's ability to re-install itself without user permission after it's been uninstalled is particularly worrisome. Since there's no official fix for the issue, you can remove Zoom's web server from your machine by following the steps described in Leitschuh's post.


Featured Video For You
Flipboard’s data breach exposes usernames, passwords

Topics Cybersecurity

0.1475s , 9827.140625 kb

Copyright © 2025 Powered by 【映画 館 アダルト】Zoom lets a website turn on your Mac's camera without permission,Public Opinion Flash  

Sitemap

Top 主站蜘蛛池模板: 精品人妻久久久久一区二区三区 | 亚洲人妻一区二区三区aⅴ 亚洲人妻在线播放 | 欧美性猛交中文x精品天天人人牧场 | 亚洲经典三级 | 国产一区二区精品高h漫 | 国产野外无码理论片在线播放 | 国产香蕉尹人在线视频你懂的 | 日韩国产二区不卡在线 | 日韩成人a级毛片免费观看 日韩成人A片一区二区三区 | 欧美丰满熟妇 | 久久青青草原国产精品最新片 | 国模少妇一区二区三区 | 91精品少妇高潮一区二区三区不卡 | 日韩a无v码在线播放免费 | 色妞精品av一区二区三区 | 成熟人妻av无码专区 | 伦理片a在线线2 | 国产69精品久久久久人妻刘玥 | 极品福利在线 | 久久狠狠高潮亚洲精品暴力打 | 国产v综合v亚洲欧美大另类 | 高清国产av一区二区三区 | 欧美特黄a级猛片a级 | 久久久久青草线综合超碰 | 国内自拍真实伦在线观看视频 | 超高清真人大片视频 伊人网黄色视频 | 久久蜜桃精品久久久久小说 | 福利电影一区二区三区 | 日韩国产欧美亚洲 | 亚洲人成黄网站69影院 | 高清日韩电影免费在线观看视频播放中文字幕 | 久久99爱| 爆乳无码中文字幕在线观看 | 亚洲AV嫩草AV极品A片 | 2024国产乱人伦在线播放 | 狠狠躁18三区二区一区 | 欧美精产国品一二三产品测评 | 国产精品成人一区二区三区 | 色婷婷综合久久久久中文 | 大香线蕉伊人久久 | 国产伦精品十在线观看 |