As a remote team, we use Zoom every day for video conferencing and screen sharing. In case you haven’t read about it, a security vulnerability in the Zoom macOS application allows a malicious website to enable your camera without your permission.
Directly from Zoom’s blog: “To be clear, the host or any other participant cannot override a user’s video and audio settings to, for example, turn their camera on.”

You do not need to uninstall the application or discontinue use. For now, to prevent your computer from starting your webcam without your control, we advise all team members using Apple computers running macOS...

Follow these three steps:

1. Open the zoom.app
2. From the menu bar > “Check for Updates...”
3. Preferences > Video > “Turn off my video when joining a meeting”

This will not fix the underlying problem; however, it will prevent your camera from being activated if a website forces you into a meeting without your knowledge. Until an update is released by Zoom, this may be an acceptable stopping point for your team. If you want to address the underlying issue, please continue on.

For more technical folks...

A big part of the underlying problem is a local web server the Zoom application installs to make it easier to launch a meeting from a link (example: “https://zoom.us/j/123456789”). A function of this local web server is to make sure the user’s Zoom application is updated and installed. If it’s not installed, it will reinstall the application in the background. The combination of these two functions (easily launching a meeting from a link and keeping the application up to date) makes the application easy to use for all types of users and creates a perfect storm for a security vulnerability.

To fix these issues, the local web server needs to be uninstalled. Following the next steps will disable launching a meeting from a link and disable updating and reinstalling the Zoom application automatically. To be clear, you can still use/launch/install Zoom; it will just not happen automatically.

We do not recommend you follow these steps unless you clearly understand the technical implications:

1. Open terminal.app
2. Run this command to stop and delete the local servers:

   `pkill "ZoomOpener"; rm -rf ~/.zoomus;`

This command will do two things: it will stop the local web server and delete the hidden folder housing the server. Be aware that if you reinstall/update the application, it may reinstall the server and you may need to do this process over again.

Note: There is an additional command that can prevent Zoom from reinstalling that server in the future, but it will require disabling access to hidden folders and require additional steps to gain access back if the need arises. More information found here: https://gist.github.com/JLLeitschuh/e2550ddd8d6dfd94447b0b557891ba30#file-permanent_zoom_and_ringcentral_server_remover-sh

Get rid of Zoom?

We’re not advising that. We believe this issue is negligence and not a core issue with either company’s concern for user security and privacy. Our team uses Zoom to this day.

Will there be an update to Zoom?

We assume so. This issue has gained a lot of attention in the last few days. The local web server does not appear to be a hard dependency of the application. A few experts suggest some adjustments to fix the issue long-term; however, at the time of this email, an update has not been released. Read more on Zoom’s progress towards a fix: https://blog.zoom.us/wordpress/2019/07/08/response-to-video-on-concern/

--
:: *Adam Cuppy*
:: 866.858.5988 ext. 101
:: 858.523.8505
:: linkedin.com/in/adamcuppy/ <https://www.linkedin.com/in/adamcuppy/>

--
SD Ruby mailing list
sdruby@googlegroups.com
http://groups.google.com/group/sdruby
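Because the email notes that a reinstall or update may bring the local web server back, a read-only check is useful before and after the removal command. The following is an added example, not part of the original email and not code from Zoom; the function names and the `PGREP` override are hypothetical, while the `ZoomOpener` process name and the `~/.zoomus` folder are the ones the email gives.

```shell
#!/bin/sh
# Added example: read-only audit for the local web server described in the email.
# It deletes and kills nothing; it only reports what is present.

# Succeeds if a process matching "ZoomOpener" exists (same pattern the email's
# pkill uses). PGREP is a hypothetical override so the check can be exercised
# without a real process; it defaults to the system pgrep.
zoom_opener_running() {
    "${PGREP:-pgrep}" "ZoomOpener" >/dev/null 2>&1
}

# zoom_server_state [HOME_DIR]
# Prints one of: clean | folder-only | process-only | installed-and-running
zoom_server_state() {
    home_dir=${1:-$HOME}
    folder=no
    proc=no

    # The hidden folder that houses the server, per the email.
    if [ -d "$home_dir/.zoomus" ]; then
        folder=yes
    fi
    if zoom_opener_running; then
        proc=yes
    fi

    case "$folder/$proc" in
        no/no)   echo "clean" ;;                 # nothing to remove
        yes/no)  echo "folder-only" ;;           # server installed, not running
        no/yes)  echo "process-only" ;;          # still running after folder removal
        yes/yes) echo "installed-and-running" ;; # removal not done, or server came back
    esac
}

# Report the state for the current user.
zoom_server_state "$HOME"
```

Anything other than `clean` after a Zoom update means the server was put back and the removal step has to be repeated.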