Connect with us


A nasty Zoom security flaw lets any website turn on your Mac’s camera without you ever knowing


zoom demo
Image: YouTube

Webcams were a mistake. Seriously, there are so many reasons why. But thinking of a few off the top of my head – there’s this, this, and this. Are you with me now? Well, the hits keep on coming.

The latest comes from security researcher, Jonathan Leitschuh, who lays out the details in a Medium post explaining a crazy zero-day vulnerability that lets any malicious website hack your Mac’s webcam without your permission. Yea, uh, not good.

For those of you out of the loop, Zoom is an extremely popular cloud-based video conference platform that offers people and businesses chat, video, and audio conferencing tools. It’s basically like Google Meet, but a lot more popular. Roughly four million users use it for Mac, which is the prime target for this vulnerability.

As to how the hack works, Leitschuh sums it up here in his blog post:

“This vulnerability leverages the amazingly simple Zoom feature where you can just send anyone a meeting link… and when they open that link in their browser their Zoom client is magically opened on their local machine.

There’s a whole lot more to this security flaw, so here’s a quick rundown of everything you need to know: 

  • The flaw was first discovered by Leitschuh back in March
  • Even if the user had the Zoom client uninstalled on their Mac, the app could easily be reinstalled
  • For a quick fix to patch up the vulnerability, Leitschuh recommends users go into their settings and switching off “turn off my video when joining a meeting”
zoom video preference how to

Image: KnowTechie

That last bullet point is the best way to protect yourself from this security flaw, as of right now. Zoom still doesn’t have the best solution for this yet, which they admitted to Forbes.

“If an attacker is able to trick a target user into clicking a web link to the attacker’s Zoom meeting ID URL, either in an email message or on an internet web server, the target user could unknowingly join the attacker’s Zoom meeting.”

So yea, if you’re on a Mac and at one point in time had Zoom installed on your machine, immediately head into your Zoom settings and toggle “turn off my video when joining a meeting.” It’s either that or having some rando that probably looks like Curtis watching you from your webcam.

UPDATE: Zoom released a patch on July 9 that should resolve this whole mess.

Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Follow us on Flipboard, Google News, or Apple News

Kevin is KnowTechie's founder and executive editor. With over 15 years of blogging experience in the tech industry, Kevin has transformed what was once a passion project into a full-blown tech news publication. Shoot him an email at or find him on Mastodon or Post.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in News