Mac Zoom software vulnerability

July 19, 2019

Tori Tragis

A vulnerability published last week informed Mac users worldwide that the Mac Zoom client allows any malicious website to enable your camera without your permission. Both Apple and Zoom have since responded to this vulnerability by releasing updates.

If you use Zoom (or one of its white-label products RingCentral or Zhumu) on your Mac, you may have already been prompted to update your software. If you’re not sure, and would like to test for this vulnerability, follow these steps:

1. Open the “Terminal” application


2. Enter the following command: lsof -i :19421


3. Press return/enter

If that command returns nothing but a new line, your system is OK. However, your system is vulnerable and needs to be updated if that command returns an output similar to this:

COMMAND    PID USER FD TYPE DEVICE       SIZE/OFF NODE NAME

ZoomOpene 1471 ksf1 3u IPv4 0x6ad96503eb75625 0t0      TCP localhost:19421 (LISTEN)

 

How to update Mac Zoom:

1. Navigate to your Applications folder and select “zoom.us”
   


2. Double-click to open it


3. As the software launches, it should prompt you for an update


4. Click “Update now”

If it doesn't prompt you automatically, and you’d like to check for updates, go to the Zoom menu and select File, then Check for Updates.

 

Zoom on other operating systems

Zoom users on other platforms may also be vulnerable if your browser automatically opens the software without asking. Improve online safety by updating your browser regularly. 

 

For more information and assistance, contact your local OIT service desk.