Here’s How to Protect Yourself Against the Zoom Zero Day

Security researcher Jonathan Leitschuh recently published information about a Zoom zero-day vulnerability. Here’s how to protect yourself.


Zoom Zero Day


Basically, the flaw lets any website force you to join a Zoom call and activate your Mac’s camera without your permission. It also lets websites perform a denial of service (DoS) attack by repeatedly making you join an invalid call.


But it gets worse. When you install Zoom it installs a localhost web server on your Mac. This is what makes Zoom work, so you can join a video call just by clicking a link. But it also lets Zoom be reinstalled without your permission.


Zoom says they don’t have evidence that the zero day was ever used. If a user did click a malicious link, it’s obvious that a video call is starting. But the company will update the app later this month to give users more control over the app settings.


What You Can Do


Since Zoom leaves its web server behind even if you delete the app, we’ll have to use Terminal to manually delete it. But you can also open Zoom, go to Settings > Video, and uncheck the box that says Turn off my video when joining a meeting.


Method 1: Open Terminal and paste the command below:


defaults write ~/Library/Preferences/us.zoom.config.plist ZDisableVideo 1

This disables Zoom’s video capabilities for your user account only.




Method 2: To disable video access for all users, paste the command below:


sudo defaults write /Library/Preferences/us.zoom.config.plist ZDisableVideo 1

Method 3: To shut down the web server, run


lsof -i :19421

to get the process identifier. You’ll have to do this while Zoom is running. Then enter


kill -9 <process ID>

You can then delete the ~/.zoomus directory to remove the web server application files. To find it, open Finder, click Go > Go to Folder in the menu bar, and type ~/.zoomus.


Finally, to stop the web server from being restored with new updates, paste the commands below:


rm -rf ~/.zoomus

touch ~/.zoomus
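
To confirm the steps above took effect, the following added example (not part of the original article) reports whether anything still listens on port 19421, whether .zoomus is now a placeholder file, and what ZDisableVideo is set to. The function names and the sample lsof output are constructed for illustration, and the script assumes .zoomus and the per-user preferences file sit in your home directory.

```shell
#!/bin/sh
# Added example (not from the original article): report whether the steps took effect.
ZOOM_PORT=19421   # port used in the lsof command in Method 3

# Constructed sample of `lsof -i :19421` output; process names and PIDs are made up.
SAMPLE_LSOF='COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
helper    4321 alice  7u   IPv4 0xabc  0t0      TCP  localhost:19421 (LISTEN)
browser   5000 alice  12u  IPv4 0xdef  0t0      TCP  localhost:50222->localhost:19421 (ESTABLISHED)'

# Read lsof output on stdin and print the PIDs of sockets in LISTEN state only,
# so a browser that merely connected to the port is not reported (or killed).
listener_pids() {
    awk 'NR > 1 && $NF == "(LISTEN)" { print $2 }' | sort -u
}

# Classify the web server path: directory = server files still installed,
# placeholder = regular file left by `touch`, absent = removed but not blocked.
zoomus_state() {
    if [ -L "$1" ]; then echo other
    elif [ -d "$1" ]; then echo directory
    elif [ -f "$1" ]; then echo placeholder
    elif [ ! -e "$1" ]; then echo absent
    else echo other
    fi
}

# Print a report for the given home directory; return 0 only when nothing
# listens on the port and the placeholder file is in place.
audit() {
    home=${1:-$HOME}; rc=0
    pids=$(lsof -i ":$ZOOM_PORT" 2>/dev/null | listener_pids)
    if [ -n "$pids" ]; then echo "FAIL: listener on port $ZOOM_PORT, PID(s):" $pids; rc=1
    else echo "OK: nothing listening on port $ZOOM_PORT"; fi
    state=$(zoomus_state "$home/.zoomus")
    if [ "$state" = placeholder ]; then echo "OK: $home/.zoomus is a placeholder file"
    else echo "FAIL: $home/.zoomus is '$state'"; rc=1; fi
    for plist in "$home/Library/Preferences/us.zoom.config.plist" \
                 /Library/Preferences/us.zoom.config.plist; do
        v=$(defaults read "$plist" ZDisableVideo 2>/dev/null) || v=unset
        echo "INFO: ZDisableVideo in $plist: $v"
    done
    return $rc
}

case "${1:-}" in --audit) audit ;; esac
```

Save it and run it with --audit after a Zoom update to see whether the web server directory or the listener has come back.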
