[If you do not use the Zoom video conferencing software (www.zoom.us) AND have never used the Zoom software on your Mac you may disregard this message. Note that Zoom software is also used for RingCentral's web conferencing.]
Previous versions of Zoom had several flaws that allowed a malicious web site to force your Mac to turn on its camera and join a conference. You would be aware that this was happening, but you would not be able to prevent being joined to a video conference you didn't want to be in.
Zoom software also ran a hidden web server on Macs with Zoom software installed. This makes a lot of us IT consultants very leery of trusting Zoom. We are unhappy that Zoom found this acceptable from a security perspective and that they hid that they were doing this. We're not necessarily recommending against using Zoom software—in many instances we've seen it work better than FaceTime or Skype—but our trust is certainly shaken.
You can read all the technical details from Jonathan Leitschuh, the security researcher who discovered and reported these vulnerabilities.
In the meantime, we strongly recommend that you update to the latest version of Zoom software (at least version 4.4.53932.0709) that discontinues the local web server and offers a complete Zoom uninstall via the Zoom settings menu. You should do this Zoom update prior to removing Zoom from your Mac; otherwise, the removal will leave the hidden web server behind.
To update, launch Zoom and go to Zoom.us > Check for Updates...
Sentinel and Sentinel+ clients: Please let us know if you require assistance. We can remove Zoom software via a 15 minute remote support session for you if you want us to handle it.