[If you do not use the Zoom video conferencing software (www.zoom.us
) AND have never used the Zoom software on your Mac you may disregard this message. Note that Zoom software is also used for RingCentral's web conferencing.]
Previous versions of Zoom had several flaws that allowed a malicious web site to force your Mac to turn on its camera and join a conference. You would be aware that this is happening, but you would not be able to control the fact that you were joined to a video conference you didn't want to be in.
Zoom software also ran a hidden web server on Macs with Zoom software installed. This makes a lot of us IT consultants very leery of trusting Zoom. We are unhappy that Zoom found this acceptable from a security perspective and that they hid that they were doing this. We're not necessarily recommending against using Zoom software—in many instances we've seen it work better than FaceTime or Skype—but our trust is certainly shaken.
You can read all the technical details from Jonathan Leitschuh
, the security researcher who discovered and reported these vulnerabilities.
In the meantime, we strongly recommend that you update to the latest version of Zoom software (at least version 4.4.53932.0709)
that discontinues the local web server and offers a complete Zoom uninstall via the Zoom settings menu. You should do this Zoom update prior to removing Zoom from your Mac, otherwise it will leave the hidden web server behind.
To update, launch Zoom and go to Zoom.us > Check for Updates...
Sentinel and Sentinel+ clients:
Please let us know if you require assistance. We can remove Zoom software via a 15 minute remote support session for you if you want us to handle it.