A security researcher has warned Mac users of a security flaw in the Zoom video conferencing app that puts them at risk of being hijacked. Zoom is notable for its click-to-join function, where clicking a browser link takes you directly to a video meeting in Zoom's app.

Apple has quietly released an update to address a weakness in the Zoom for Mac video conferencing app that allows hackers to take over the camera on your Mac.

Security researcher Jonathan Leitschuh revealed this week that Zoom makes it possible for websites to add you to a call, activating your webcam without permission.

Although Zoom has released a full fix for the problem, Apple has also released a silent update that is installed automatically, TechCrunch reports.

The troubling security flaw was not fixed by removing the app, because the web server in which the vulnerability was found was not removed in the process.

Many users may not even know that the problem exists, because they have already removed the app.


Apple has released an update that removes a hidden web server installed by a video conferencing app that allows hackers to take over the camera on your Mac (file photo)


HOW TO COMPLETELY REMOVE ZOOM

Zoom released a patch on Tuesday that fixes the bug and allows users to manually uninstall Zoom.

'We are adding a new option to the Zoom menu bar that allows users to manually and completely uninstall the Zoom client, including the local web server,' said the company.

'After the patch has been implemented, a new menu option appears with the text "Zoom uninstall".

'Clicking that button completely removes Zoom from the user's device along with the user's saved settings.'

On Tuesday, Zoom said it will release an update that removes the local web server to secure the system and eliminates the use of the web server for good. The update also makes it easier for users to completely uninstall the program.

Mr. Leitschuh revealed that the vulnerability in the Zoom app comes from the feature that lets you send anyone a meeting link: when they open that link in their browser, their Zoom client automatically opens on their local computer.

The researcher says he contacted Zoom on March 26, giving the company a 90-day public disclosure deadline.

He demonstrated that any website can open a video-enabled call on a Mac with the Zoom app installed.

That is possible in part because the Zoom app apparently installs a web server on Macs that accepts requests that regular browsers would not, according to the post.

According to The Verge, removing the Zoom app from your Mac is not enough to fix the problem.

If you remove Zoom, that web server remains on the machine and can reinstall Zoom without your intervention.

The publication has confirmed that the vulnerability works. If you click a link and have previously installed the Zoom app, you will be automatically connected to a conference call with your camera on.

'If you have ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your computer that will be happy to install the Zoom client for you without needing user interaction on your behalf besides visiting a web page,' he wrote.

'This reinstallation function continues to work to this day.'

The flaw is said to be due in part to a web server that the Zoom app installs on Macs, which accepts 'requests that regular browsers would not'.

Zoom independently confirmed the vulnerability.

The company discussed the issue Tuesday afternoon in a statement on its website, explaining the patch that will solve the problem.

According to Zoom, the update 'will completely remove the local web server'.


It will also stop using a local web server on Mac devices.

'Once the patch is deployed, Mac users are prompted in the Zoom user interface (UI) to update their client,' Zoom says.

'Once the update is complete, the local web server is completely deleted on that device.'

The patch also adds a button that allows users to manually uninstall Zoom.

Expert Jonathan Leitschuh said there was a 'serious zero-day vulnerability' in the Zoom video conferencing app on Macs. In a blog post, Leitschuh said that Zoom behaves unsafely, allowing websites to add you to a call, activating your webcam without permission.


Eoin Keary, CEO and co-founder of Edgescan, told MailOnline before the update: 'A software vulnerability is not surprising and can be resolved with a patch prior to disclosure if the supplier solves the problem in time.

'This does not seem to be the case, since the first meeting with the researcher about how the vulnerability would be fixed did not take place until 18 days before the end of the 90-day disclosure period.

'What is unfortunate, intrusive and a breach of trust is when the software appears to be "deleted" but it really isn't.

'This is a violation of transparency and exposes people who think they do not have the software installed to attacks.

'Keeping a web server on a user's computer and at the same time giving the impression that it has been deleted looks like the behaviour of a malicious actor.

'It's underhanded and violates trust boundaries. A very bad decision from the people of Zoom.'
