A security researcher has found a flaw in the popular video conferencing app Zoom that could be used to turn on the camera on a Macintosh computer without a user’s permission. The vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without a user’s permission, explained Jonathan Leitschuh, a senior software engineer at Gradle. The code could be used in a malicious ad or in a phishing campaign, he wrote. Zoom contradicted some of Leitschuh’s conclusions in a response post.
- Temporarily blocked on WhatsApp, here's how to fix it