Weakness in ZOOM products

02/11/2020

Please pay attention to the message about weakness found in ZOOM products

and to the 2 documents with solutions for MAC and Windows

Hi all,

There has been a vulnerability disclosed in the Zoom meeting/video calling software that on Mac’s and Windows enables an attacker to invite someone to a meeting with their webcam enabled requiring no user interaction. There is also a poorly configured webserver running in the background on Mac clients. (Mitigation instructions for this are included in the Mac advisory)

I have attached mitigation instructions for Mac’s & Windows pc’s.

 

Further information can be found here: https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5

Read the attached document
Read the attached document