Set as Homepage - Add to Favorites

日韩欧美成人一区二区三区免费-日韩欧美成人免费中文字幕-日韩欧美成人免费观看-日韩欧美成人免-日韩欧美不卡一区-日韩欧美爱情中文字幕在线

【映画 館 アダルト】Zoom lets a website turn on your Mac's camera without permission

Video conferencing app Zoom has a major security flaw in its Mac client,映画 館 アダルト letting any website turn on your Mac's camera without a warning, security researcher Jonathan Leitschuh claims.

In a blog post Monday, Leitschuh detailed the vulnerability, which he says he'd disclosed to Zoom more than 90 days ago, and the company still hasn't fixed it.

SEE ALSO: Google Nest camera security flaw allows former owners to observe others' homes

The problem lies in Zoom's usage of a web server on users' local machines. This makes some of Zoom's cool features possible, for example, clicking on a simple link in your web browser automatically starts up the app.

Having an app install and run a web server on a user's machine with an undocumented API "feels incredibly sketchy," Leitschuh says. But there's more. According to Leitschuh, "this web server can do far more than just launch a Zoom meeting. (...) this web server can also re-install the Zoom app if a user has uninstalled it."

This is bad by itself, but Leitschuh discovered a vulnerability that let him launch a Zoom call, with video enabled, on a user's machine without permission. The same vulnerability allows the attacker to perform a DOS (denial of service) type attack on a user's machine.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

Leitschuh says that he'd contacted Zoom on March 26, offering the company a quick fix for the vulnerability. After a lot of back and forth, Zoom partially fixed the flaw, but Leitschuh was able to bypass their fix, after which the company offered no additional fix. The security issue is still present in the latest version of Zoom for Mac, 4.4.4.

In a blog post Monday, Zoom defended its app's functionality, claiming that users are prompted to turn their video off when joining their first meeting, and can set the video to off in subsequent meetings; if they do so, it would be impossible for the host or other participants to turn their camera on. Furthermore, Zoom claims, "because the Zoom client user interface runs in the foreground upon launch, it would be readily apparent to the user that they had unintentionally joined a meeting and they could change their video settings or leave immediately."

The company said they will give users more control of their video settings in an upcoming, July 2019 release.

The company also addresses the presence of the web server on user machines, saying it's a "workaround to a change introduced in Safari 12" and a "legitimate solution to a poor user experience problem."

Zoom has assessed that both the video call issue and the DOS issue were "low risk," which is why the company decided not to change the app's functionality. The company also promised it will launch a public vulnerability disclosure program in the "next several weeks."

The main question users should be asking themselves is whether they want to sacrifice their system's security for a bit of added functionality -- likely, functionality they can live without. Zoom's ability to re-install itself without user permission after it's been uninstalled is particularly worrisome. Since there's no official fix for the issue, you can remove Zoom's web server from your machine by following the steps described in Leitschuh's post.


Featured Video For You
Flipboard’s data breach exposes usernames, passwords

Topics Cybersecurity

0.1475s , 9827.140625 kb

Copyright © 2025 Powered by 【映画 館 アダルト】Zoom lets a website turn on your Mac's camera without permission,Public Opinion Flash  

Sitemap

Top 主站蜘蛛池模板: 日韩欧美国产一二三区在线 | av区无码字幕中文 | 亚洲精品一区二区精华液 | 日日摸夜夜添夜夜添A片看见 | 苍井空50分钟无码种子 | 成人午夜免费无码视频播放器 | 国产精品一区久久 | 成人av天堂一二三在线观看 | h无码精品动漫在线观看 | 99久久免费精品国产男女性高 | 免费无码国产欧美久久18 | 中文字幕在线观看网站 | 法国啄木乌av片在线播放 | 东京热无码人妻系列综合 | 视频在线观看一区 | 女同久久精品 | 国产毛片女人18水多 | 久久久久人妻精品一区二区三区 | 国产成人毛片毛片久久网 | av无码一区二区三区鸳鸯影院 | 国产电影一区二区三区:多元视角下的崛起与挑战 | 樱花草无码专区日本 | 免费麻花豆传媒剧国产MV在线 | 欧美日韩综合无码中文字幕 | 婷婷色在线视频极品视觉盛宴 | 成人精品视频在线观看不卡 | av天堂永久资源网 | 狠狠色噜噜狠狠狠狠2024天天 | 噜噜噜综合亚洲 | 国产精品点击进入在线影院高清 | 国产午夜精品一区二区理论影院 | 久久天天丁香婷婷中文字幕 | 亚洲区色情区激情区小说色情书 | 久久精品国产福利国产琪琪 | 免费人成在线观看视频品爱网址 | 久久亚洲综合色一区二区三区 | 青青自拍视频一区二区三区 | 欧美人又长又大又粗无码视频一区 | 国产精品亚洲玖玖玖在线靠爱 | 精品国产一二三区 | 成人无码区免费视频观看 |