Jonathan Leitschuh, a security researcher, recently unearthed a serious security flaw that allowed a hacker to activate a Mac computer’s webcam without alerting the computer’s owner.
The problem is a program called Zoom.
The Zoom software installs a web server on the owner’s computer, which is designed to provide a rapid launch feature for the on-board camera when users click on a web link. The server is also designed to re-install Zoom’s software if it gets removed for any reason.
Unfortunately, a flaw in the program’s design would have allowed hackers easy remote access. That is why Apple quietly removed part of the software’s functionality that allowed users to quick-connect to video conference calls. The company didn’t formally announce the change, nor have they responded to attempts to contact them for an ETA and more details about the bug. However, the company is being tight-lipped about the issue.
Priscilla Barolo, a spokesperson for Zoom, offered this about the issue:
“We’re happy to have worked with Apple on testing this update to resolve the web server issue. We appreciate our users’ patience as we continue to work through addressing their concerns.”
From this, we can glean that there is an effort underway to address the issue, and Apple’s move was a temporary stopgap. Unfortunately, it provides no actionable information. So for the time being, if you use Zoom, it’s not going to work as you’re expecting it to.
Apple is usually more forthcoming than this, but it would probably be a mistake to read too much into their silence. From a practical perspective, be aware that if you rely on Zoom for video conferencing, you may want to look for an alternative, at least in the short term.